#VU113028 Permissions, Privileges, and Access Controls in shadow - CVE-2024-56433
Vulnerability identifier: #VU113028
Vulnerability risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
shadow
Universal components / Libraries /
Libraries used by multiple products
Vendor: Mark Florian
Description
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to shadow-utils establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users).
Mitigation
Install updates from vendor's website.
Vulnerable software versions
shadow: 4.4 - 4.17.0
External links
https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241
https://github.com/shadow-maint/shadow/issues/1157
https://github.com/shadow-maint/shadow/releases/tag/4.4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
