CVE-2017-12424
Published: 04 August 2017
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.
Priority
CVSS 3 base score: 9.8
Status
Package | Release | Status |
---|---|---|
shadow Launchpad, Ubuntu, Debian |
Upstream |
Released
(1:4.5-1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(1:4.5-1ubuntu1)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(1:4.5-1ubuntu1)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(1:4.5-1ubuntu1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Needed
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Needed
|
|
Patches: Other: https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952 |