CVE-2018-16588

Impact:
Low
Public Date:
2018-09-06
CWE:
CWE-732
Bugzilla:
1626123: CVE-2018-16588 shadow-utils: useradd-mkdirs.patch creates intermediate directories with 0777

The MITRE CVE dictionary describes this issue as:

Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected.

Find out more about CVE-2018-16588 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 4.4
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity Impact Low
Availability Impact None

Affected Packages State

Platform Package State
Red Hat Virtualization 4 shadow-utils Not affected
Red Hat Enterprise Linux 7 shadow-utils Not affected
Red Hat Enterprise Linux 6 shadow-utils Not affected
Red Hat Enterprise Linux 5 shadow-utils Not affected

Last Modified

CVE description copyright © 2017, The MITRE Corporation