Description

shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.

INFO

Published Date :

2024-12-26T00:00:00.000Z

Last Modified :

2024-12-27T14:48:48.272Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-56433 vulnerability.

Vendors Products
Shadow-maint
  • Shadow-utils
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-56433.

URL Resource
https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 cve-icon cve-icon cve-icon
https://github.com/shadow-maint/shadow/issues/1157 cve-icon cve-icon cve-icon
https://github.com/shadow-maint/shadow/releases/tag/4.4 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-56433 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-56433 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact