Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2017-12424

Published: 04/08/2017 Updated: 23/03/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Shadow

Vulnerability Summary

In shadow prior to 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

shadow project shadow

debian debian linux 9.0

Vendor Advisories

Debian CVElist Bug Report Logs: shadow: CVE-2017-12424: newusers fails with multiple users
Debian Bug report logs - #756630 shadow: CVE-2017-12424: newusers fails with multiple users Package: passwd; Maintainer for passwd is Shadow package maintainers <pkg-shadow-devel@listsaliothdebianorg>; Source for passwd is src:shadow (PTS, buildd, popcon) Reported by: Manfred Richter <manfred@driat> Date: Thu, 31 ...
Ubuntu Security Notice: USN-5254-1: shadow vulnerabilities
Several security issues were fixed in shadow ...
Red Hat: CVE-2017-12424
A buffer overflow flaw leading to heap memory corruption was found in the shadow-utils's newusers utility A local, authenticated attacker could potentially use this flaw to crash the newusers process by supplying crafted data to it ...

References

CWE-119https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630https://security.gentoo.org/glsa/201710-16https://lists.debian.org/debian-lts-announce/2021/03/msg00020.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630https://ubuntu.com/security/notices/USN-5254-1https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2017-12424
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook