Info

Disclosure

Jul 05, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Shadow contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when passwd, called with the -f, -g, or -s option, did not check the result of the 'setuid' call. This flaw may lead to a loss of Confidentiality and Integrity.

Classification

Location: Local Access Required
Attack Type: Other
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 4.0.14 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Ubuntu	Shadow	4.0.3
		4.0.13

References

Bugtraq ID: 18850
CVE ID: 2006-3378 (see also: NVD)
Secunia Advisory ID: 20950 20966
Vendor Specific Advisory URL: http://www.ubuntu.com/usn/usn-308-1

Credit

Ilja van Sprundel -

Direct URL: http://osvdb.org/26995

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Ubuntu

Shadow

References

Credit