Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

Ubuntu 17.04 USN-3276-1 Moderate: Admin Access Issue in Shadow

ubuntu
Calendar Grey May 5, 2017
Dist Ubuntu Esm H88
A vulnerability discovered in several Ubuntu versions relates to shadow misconfigurations, exposing administrators to potential disruptions in program execution.
su could be made to crash or stop programs as an administrator.

Summary

su could be made to crash or stop programs as an administrator.

Software Description:

- shadow: system login tools

Details:

Sebastian Krahmer discovered integer overflows in shadow utilities.

A local attacker could possibly cause them to crash or potentially

gain privileges via crafted input. (CVE-2016-6252)

Tobias Stöckmann discovered a race condition in su. A local

attacker could cause su to send SIGKILL to other processes with

root privileges. (CVE-2017-2616)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  login                           1:4.2-3.2ubuntu1.17.04.1
  passwd                          1:4.2-3.2ubuntu1.17.04.1
  uidmap                          1:4.2-3.2ubuntu1.17.04.1

Ubuntu 16.10:
  login                           1:4.2-3.2ubuntu1.16.10.1
  passwd                          1:4.2-3.2ubuntu1.16.10.1
  uidmap                          1:4.2-3.2ubuntu1.16.10.1

Ubuntu 16.04 LTS:
  login                           1:4.2-3.1ubuntu5.2
  passwd                          1:4.2-3.1ubuntu5.2
  uidmap                          1:4.2-3.1ubuntu5.2

Ubuntu 14.04 LTS:
  login                           1:4.1.5.1-1ubuntu9.4
  passwd                          1:4.1.5.1-1ubuntu9.4
  uidmap                          1:4.1.5.1-1ubuntu9.4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3276-1

CVE-2016-6252, CVE-2017-2616

May 05, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.