Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 830486 (CVE-2013-4235) - <sys-apps/shadow-4.12.2: TOCTOU race condition in usermod/userdel (CVE-2013-4235)
Summary: <sys-apps/shadow-4.12.2: TOCTOU race condition in usermod/userdel (CVE-2013-4...
Status: RESOLVED FIXED
Alias: CVE-2013-4235
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa+]
Keywords:
Depends on: 831980 867358
Blocks:
  Show dependency tree
 
Reported: 2022-01-03 05:07 UTC by Sam James
Modified: 2022-10-31 02:21 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-01-03 05:07:26 UTC
A TOCTOU race condition was discovered in shadow-utils. A local attacker with write privileges in a directory removed or copied by usermod/userdel could potentially exploit this flaw, when the administrator invokes usermod/userdel, to delete or modify other files on the system.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-08-18 22:07:50 UTC
4.12.2 contains https://github.com/shadow-maint/shadow/pull/545. I'm guessing it was an incomplete fix before.
Comment 2 Larry the Git Cow gentoo-dev 2022-08-18 23:08:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=620576deeeeafb1f79930a822959b80ec57b40ab

commit 620576deeeeafb1f79930a822959b80ec57b40ab
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-08-18 22:29:49 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-18 23:07:03 +0000

    sys-apps/shadow: add 4.12.2
    
    Bug: https://bugs.gentoo.org/830486
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/shadow/Manifest             |   2 +
 sys-apps/shadow/shadow-4.12.2.ebuild | 259 +++++++++++++++++++++++++++++++++++
 2 files changed, 261 insertions(+)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-30 19:58:37 UTC
(In reply to Sam James from comment #1)
> 4.12.2 contains https://github.com/shadow-maint/shadow/pull/545. I'm
> guessing it was an incomplete fix before.

"Well, that was papering it over.

Let's say you are deleting user joe, but user joe had a file owned by user mitch. dcca865 would force joe's processes to be killed, but user mitch might in theory be able to use the TOCTTOU to make bad things happen. This PR actually addresses the TOCTTOU itself."
Comment 4 Larry the Git Cow gentoo-dev 2022-10-31 01:41:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=ca82b22f363882c75c7932c5a53e38ceb60b42e2

commit ca82b22f363882c75c7932c5a53e38ceb60b42e2
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 01:22:12 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 01:40:16 +0000

    [ GLSA 202210-26 ] Shadow: TOCTOU Race
    
    Bug: https://bugs.gentoo.org/830486
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-26.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-31 02:21:41 UTC
GLSA released, all done!