Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 627044 (CVE-2017-12424) - <sys-apps/shadow-4.5: newusers tool could be made to manipulate internal data structures (CVE-2017-12424)
Summary: <sys-apps/shadow-4.5: newusers tool could be made to manipulate internal data...
Status: RESOLVED FIXED
Alias: CVE-2017-12424
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-04 09:57 UTC by Aleksandr Wagner (Kivak)
Modified: 2018-04-09 00:04 UTC (History)
2 users (show)

See Also:
Package list:
sys-apps/shadow-4.5
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Aleksandr Wagner (Kivak) 2017-08-04 09:57:45 UTC
CVE-2017-12424 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12424):

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. 

References:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675
https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-08-04 12:39:28 UTC
@ Arches,

please test and mark stable: =sys-apps/shadow-4.5
Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2017-08-05 18:10:40 UTC
ia64 stable
Comment 3 Markus Meier gentoo-dev 2017-08-08 04:33:02 UTC
arm stable
Comment 4 Richard Freeman gentoo-dev 2017-08-09 16:34:24 UTC
amd64 stable
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2017-08-18 20:11:07 UTC
x86 stable
Comment 6 Matt Turner gentoo-dev 2017-08-25 22:35:21 UTC
alpha stable
Comment 7 Aaron Bauman (RETIRED) gentoo-dev 2017-09-10 22:12:42 UTC
sparc was dropped to exp.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-24 19:44:01 UTC
ppc64 stable
Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-27 09:13:50 UTC
ppc stable
Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev 2017-10-13 19:53:35 UTC
hppa stable
Comment 11 Aaron Bauman (RETIRED) gentoo-dev 2017-10-13 22:38:32 UTC
GLSA requested filed.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2017-10-15 20:18:49 UTC
This issue was resolved and addressed in
 GLSA 201710-16 at https://security.gentoo.org/glsa/201710-16
by GLSA coordinator Aaron Bauman (b-man).
Comment 13 Aaron Bauman (RETIRED) gentoo-dev 2017-10-15 20:19:57 UTC
re-opening for cleanup or mask.
Comment 14 Sergei Trofimovich (RETIRED) gentoo-dev 2017-10-31 22:42:51 UTC
sparc stable (thanks to Rolf Eike Beer)
Comment 15 Mart Raudsepp gentoo-dev 2018-03-05 00:37:40 UTC
arm64 stable; cleanup should be more possible now.
Comment 16 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-04-08 17:00:31 UTC
All done, thank you all.
Comment 17 Larry the Git Cow gentoo-dev 2018-04-09 00:04:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3639511fbbd747f125d97f46fb70169333366a80

commit 3639511fbbd747f125d97f46fb70169333366a80
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-08 17:06:53 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-09 00:04:02 +0000

    sys-apps/shadow: drop vulnerable
    
    Bug: https://bugs.gentoo.org/627044
    Package-Manager: Portage-2.3.28, Repoman-2.3.9
    Closes: https://github.com/gentoo/gentoo/pull/7882

 sys-apps/shadow/Manifest             |   1 -
 sys-apps/shadow/shadow-4.4-r2.ebuild | 213 -----------------------------------
 2 files changed, 214 deletions(-)}