CVE-2016-6252 - Integer Overflow or Wraparound vulnerability in Shadow Project Shadow 4.2.1

CVSS 7.8 - HIGH
  • Attack vector: LOCAL
  • Attack complexity: LOW
  • Privileges required: LOW
  • Confidentiality impact: HIGH
  • Integrity impact: HIGH
  • Availability impact: HIGH
Tags: local, low complexity, shadow-project, CWE-190, nessus

Summary

Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.

Vulnerable Configurations

Part         Description     Count
Application  Shadow_Project  1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset, as the size of a memory allocation, or in a similar role. The attacker typically controls the value of this variable and tries to push it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, producing an incorrect value that can lead to unexpected behavior. At worst, the attacker can execute arbitrary code.

Nessus

  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2662.NASL
    description: According to the version of the shadow-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerability: Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. (CVE-2016-6252) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-08
    modified: 2019-12-18
    plugin id: 132197
    published: 2019-12-18
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132197
    title: EulerOS 2.0 SP3 : shadow-utils (EulerOS-SA-2019-2662)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0023_SHADOW.NASL
    description: An update of the shadow package has been released.
    last seen: 2020-03-17
    modified: 2019-02-07
    plugin id: 121708
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121708
    title: Photon OS 1.0: Shadow PHSA-2017-0023
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3276-2.NASL
    description: USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. We apologize for the inconvenience. Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. (CVE-2016-6252) Tobias Stockmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other processes with root privileges. (CVE-2017-2616) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100248
    published: 2017-05-17
    reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100248
    title: Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : shadow regression (USN-3276-2)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0023.NASL
    description: An update of [systemd,wget,shadow,glibc] packages for PhotonOS has been released.
    last seen: 2019-02-21
    modified: 2019-02-07
    plugin id: 111872
    published: 2018-08-17
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=111872
    title: Photon OS 1.0: Glibc / Shadow / Systemd / Wget PHSA-2017-0023 (deprecated)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201706-02.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201706-02 (Shadow: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Shadow. Please review the CVE identifiers referenced below for details. Impact: A local attacker could possibly cause a Denial of Service condition, gain privileges via crafted input, or SIGKILL arbitrary processes. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100629
    published: 2017-06-06
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100629
    title: GLSA-201706-02 : Shadow: Multiple vulnerabilities
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2188.NASL
    description: According to the version of the shadow-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerability: Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. (CVE-2016-6252) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-08
    modified: 2019-11-08
    plugin id: 130650
    published: 2019-11-08
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130650
    title: EulerOS 2.0 SP5 : shadow-utils (EulerOS-SA-2019-2188)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-1997-1.NASL
    description: This update for shadow fixes the following issues: CVE-2016-6252: Incorrect integer handling could result in local privilege escalation (bsc#1099310) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 111203
    published: 2018-07-20
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/111203
    title: SUSE SLED12 / SLES12 Security Update : shadow (SUSE-SU-2018:1997-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2018-770.NASL
    description: This update for shadow fixes the following issues: CVE-2016-6252: Incorrect integer handling could result in local privilege escalation (bsc#1099310) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen: 2020-06-05
    modified: 2018-07-30
    plugin id: 111422
    published: 2018-07-30
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/111422
    title: openSUSE Security Update : shadow (openSUSE-2018-770)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2427.NASL
    description: According to the versions of the shadow-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: (1) In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. (CVE-2017-12424) (2) Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. (CVE-2016-6252) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-08
    modified: 2019-12-04
    plugin id: 131581
    published: 2019-12-04
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131581
    title: EulerOS 2.0 SP2 : shadow-utils (EulerOS-SA-2019-2427)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-1995-1.NASL
    description: This update for shadow fixes the following issues: CVE-2016-6252: Fixed incorrect integer handling that could result in a local privilege escalation (bsc#1099310) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 111202
    published: 2018-07-20
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/111202
    title: SUSE SLES12 Security Update : shadow (SUSE-SU-2018:1995-1)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3793.NASL
    description: Several vulnerabilities were discovered in the shadow suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-6252: An integer overflow vulnerability was discovered, potentially allowing a local user to escalate privileges via crafted input to the newuidmap utility. CVE-2017-2616: Tobias Stoeckmann discovered that su does not properly handle clearing a child PID. A local attacker can take advantage of this flaw to send SIGKILL to other processes with root privileges, resulting in denial of service.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 97397
    published: 2017-02-27
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97397
    title: Debian DSA-3793-1 : shadow - security update
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3276-1.NASL
    description: Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. (CVE-2016-6252) Tobias Stockmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other processes with root privileges. (CVE-2017-2616) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 99993
    published: 2017-05-05
    reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99993
    title: Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : shadow vulnerabilities (USN-3276-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1237.NASL
    description: According to the version of the shadow-utils package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. (CVE-2016-6252) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-19
    modified: 2020-03-13
    plugin id: 134526
    published: 2020-03-13
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134526
    title: EulerOS Virtualization for ARM 64 3.0.2.0 : shadow-utils (EulerOS-SA-2020-1237)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-1997-2.NASL
    description: This update for shadow fixes the following issues: CVE-2016-6252: Incorrect integer handling could result in local privilege escalation (bsc#1099310) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118276
    published: 2018-10-22
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118276
    title: SUSE SLES12 Security Update : shadow (SUSE-SU-2018:1997-2)