CVE-2018-16588

Published: 26/09/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package up to and including 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and up to and including 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected.
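A defender's check for the condition described above, as an added example that is not part of the advisory or the SUSE shadow code: it walks the parent directories of a home directory and reports any that are world-writable without the sticky bit, such as mode 0777. The function names and the sample tree (`srv/people/alice`) are constructed for illustration, and treating 0755 as the corrected mode is an assumption.

```python
import os
import shutil
import stat
import tempfile

def risky_ancestors(home, stop="/"):
    """Ancestors of `home`, up to and including `stop`, that are world-writable without the sticky bit."""
    findings = []
    stop = os.path.realpath(stop)
    path = os.path.dirname(os.path.realpath(home))
    while True:
        try:
            st = os.lstat(path)
        except OSError:
            st = None  # missing or unreadable component: nothing to report
        if st is not None and stat.S_ISDIR(st.st_mode):
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                findings.append((path, oct(mode)))
        parent = os.path.dirname(path)
        if path == stop or parent == path:
            break
        path = parent
    return findings

def audit_passwd_homes():
    """Run the check for every home directory in the local account database."""
    import pwd
    flagged = {}
    for entry in pwd.getpwall():
        flagged.update(dict(risky_ancestors(entry.pw_dir)))
    return flagged

def demo():
    """Constructed tree: 'srv' stands in for an intermediate directory left at 0777."""
    root = tempfile.mkdtemp()
    try:
        srv = os.path.join(root, "srv")
        home = os.path.join(srv, "people", "alice")
        os.makedirs(home, mode=0o755)
        os.chmod(srv, 0o777)  # chmod bypasses the umask, as the 0777 creation effectively did
        before = risky_ancestors(home, stop=root)
        os.chmod(srv, 0o755)  # assumed corrected mode
        after = risky_ancestors(home, stop=root)
        return before, after
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    print(audit_passwd_homes())
```

Run as a script, it prints the flagged parent directories for all local accounts; an empty result means no home directory sits below a world-writable, non-sticky directory.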

Vulnerable Product

suse shadow

Vendor Advisories

Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writab ...

Github Repositories

Ultimate Benchmark for Container Image Scanners

UBCIS: Ultimate Benchmark for Container Image Scanning (UBCIS) is a benchmark for detecting the scanner performance in terms of precision and vulnerability coverage on most common Linux Docker basic images. UBCIS can evaluate your scanner and score it using statistical notations of precision, recall and f-measure. UBCIS can also run a set of scanners on a set of container images.