Vulnerabilities > CVE-2016-6252 - Integer Overflow or Wraparound vulnerability in Shadow Project Shadow 4.2.1
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2662.NASL description According to the version of the shadow-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.(CVE-2016-6252) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-18 plugin id 132197 published 2019-12-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132197 title EulerOS 2.0 SP3 : shadow-utils (EulerOS-SA-2019-2662) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0023_SHADOW.NASL description An update of the shadow package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121708 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121708 title Photon OS 1.0: Shadow PHSA-2017-0023 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3276-2.NASL description USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. We apologize for the inconvenience. Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. (CVE-2016-6252) Tobias Stockmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other processes with root privileges. (CVE-2017-2616). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 100248 published 2017-05-17 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100248 title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : shadow regression (USN-3276-2) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0023.NASL description An update of [systemd,wget,shadow,glibc] packages for PhotonOS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111872 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111872 title Photon OS 1.0: Glibc / Shadow / Systemd / Wget PHSA-2017-0023 (deprecated) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201706-02.NASL description The remote host is affected by the vulnerability described in GLSA-201706-02 (Shadow: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Shadow. Please review the CVE identifiers referenced below for details. Impact : A local attacker could possibly cause a Denial of Service condition, gain privileges via crafted input, or SIGKILL arbitrary processes. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 100629 published 2017-06-06 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100629 title GLSA-201706-02 : Shadow: Multiple vulnerabilities NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2188.NASL description According to the version of the shadow-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.(CVE-2016-6252) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-11-08 plugin id 130650 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130650 title EulerOS 2.0 SP5 : shadow-utils (EulerOS-SA-2019-2188) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1997-1.NASL description This update for shadow fixes the following issues : - CVE-2016-6252: Incorrect integer handling could results in local privilege escalation (bsc#1099310) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 111203 published 2018-07-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111203 title SUSE SLED12 / SLES12 Security Update : shadow (SUSE-SU-2018:1997-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-770.NASL description This update for shadow fixes the following issues : - CVE-2016-6252: Incorrect integer handling could results in local privilege escalation (bsc#1099310) This update was imported from the SUSE:SLE-12-SP2:Update update project. last seen 2020-06-05 modified 2018-07-30 plugin id 111422 published 2018-07-30 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111422 title openSUSE Security Update : shadow (openSUSE-2018-770) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2427.NASL description According to the versions of the shadow-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.(CVE-2017-12424) - Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.(CVE-2016-6252) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-04 plugin id 131581 published 2019-12-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131581 title EulerOS 2.0 SP2 : shadow-utils (EulerOS-SA-2019-2427) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1995-1.NASL description This update for shadow fixes the following issues : - CVE-2016-6252: Fixed incorrect integer handling that could results in a local privilege escalation (bsc#1099310) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 111202 published 2018-07-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111202 title SUSE SLES12 Security Update : shadow (SUSE-SU-2018:1995-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3793.NASL description Several vulnerabilities were discovered in the shadow suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2016-6252 An integer overflow vulnerability was discovered, potentially allowing a local user to escalate privileges via crafted input to the newuidmap utility. - CVE-2017-2616 Tobias Stoeckmann discovered that su does not properly handle clearing a child PID. A local attacker can take advantage of this flaw to send SIGKILL to other processes with root privileges, resulting in denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 97397 published 2017-02-27 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97397 title Debian DSA-3793-1 : shadow - security update NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3276-1.NASL description Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. (CVE-2016-6252) Tobias Stockmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other processes with root privileges. (CVE-2017-2616). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 99993 published 2017-05-05 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99993 title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : shadow vulnerabilities (USN-3276-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1237.NASL description According to the version of the shadow-utils package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.(CVE-2016-6252) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2020-03-13 plugin id 134526 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134526 title EulerOS Virtualization for ARM 64 3.0.2.0 : shadow-utils (EulerOS-SA-2020-1237) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1997-2.NASL description This update for shadow fixes the following issues : CVE-2016-6252: Incorrect integer handling could results in local privilege escalation (bsc#1099310) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118276 published 2018-10-22 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118276 title SUSE SLES12 Security Update : shadow (SUSE-SU-2018:1997-2)
References
- https://github.com/shadow-maint/shadow/issues/27
- https://bugzilla.suse.com/show_bug.cgi?id=979282
- http://www.openwall.com/lists/oss-security/2016/07/25/7
- http://www.openwall.com/lists/oss-security/2016/07/20/2
- http://www.openwall.com/lists/oss-security/2016/07/19/7
- http://www.openwall.com/lists/oss-security/2016/07/19/6
- http://www.securityfocus.com/bid/92055
- https://security.gentoo.org/glsa/201706-02
- http://www.debian.org/security/2017/dsa-3793