CVE-2018-16588

26.09.2018, 22:29

Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks.  NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Vendor	Product	Version
suse	shadow	𝑥 ≤ 4.2.1-27.9.1
suse	shadow	𝑥 ≤ 4.5-5.39

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

shadow

bullseye	1:4.8.1-1 fixed
bookworm	1:4.13+dfsg1-1 fixed
sid	1:4.16.0-4 fixed
trixie	1:4.16.0-4 fixed

Common Weakness Enumeration

CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00073.html