Published: 17/02/2017 Updated: 04/11/2017

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.

Vulnerable Product	Search on Vulmon	Subscribe to Product
shadow project shadow 4.2.1

Debian Bug report logs - #832170 shadow: CVE-2016-6252: Incorrect integer handling Package: src:shadow; Maintainer for src:shadow is Shadow package maintainers <pkg-shadow-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 23 Jul 2016 08:51:02 UTC Severity: important Tags ...

Several vulnerabilities were discovered in the shadow suite The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-6252 An integer overflow vulnerability was discovered, potentially allowing a local user to escalate privileges via crafted input to the newuidmap utility CVE-2017-2616 Tobias St ...

su could be made to crash or stop programs as an administrator ...

USN-3276-1 introduced a regression in su ...

CWE-190 https://github.com/shadow-maint/shadow/issues/27 https://bugzilla.suse.com/show_bug.cgi?id=979282 http://www.openwall.com/lists/oss-security/2016/07/25/7 http://www.openwall.com/lists/oss-security/2016/07/20/2 http://www.openwall.com/lists/oss-security/2016/07/19/7 http://www.openwall.com/lists/oss-security/2016/07/19/6 http://www.securityfocus.com/bid/92055 https://security.gentoo.org/glsa/201706-02 http://www.debian.org/security/2017/dsa-3793 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832170 https://nvd.nist.gov https://usn.ubuntu.com/3276-1/https://www.debian.org/security/./dsa-3793

CVE-2016-6252

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect