CVE-2017-12424 (GCVE-0-2017-12424)
Vulnerability from cvelistv5 – Published: 2017-08-04 09:00 – Updated: 2024-08-05 18:36
Summary
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201710-16 | vendor-advisory, x_refsource_GENTOO |
| https://github.com/shadow-maint/shadow/commit/954… | x_refsource_CONFIRM |
| https://bugs.launchpad.net/ubuntu/+source/shadow/… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-list, x_refsource_MLIST |
Date Public
2017-08-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:36:56.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630"
},
{
"name": "GLSA-201710-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-16"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675"
},
{
"name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2596-1] shadow security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-17T14:06:40.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630"
},
{
"name": "GLSA-201710-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-16"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675"
},
{
"name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2596-1] shadow security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630"
},
{
"name": "GLSA-201710-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-16"
},
{
"name": "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952",
"refsource": "CONFIRM",
"url": "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675"
},
{
"name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2596-1] shadow security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12424",
"datePublished": "2017-08-04T09:00:00.000Z",
"dateReserved": "2017-08-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:36:56.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-12424",
"date": "2026-05-30",
"epss": "0.00583",
"percentile": "0.69309"
}
}
}
Title
Vulnerability in the newusers tool of the shadow account management utility, associated with an operation exceeding the bounds of a memory buffer, allowing an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
Description
The vulnerability in the newusers tool of the shadow account management utility is associated with an operation exceeding the bounds of a memory buffer. Exploitation of the vulnerability allows a remote attacker to gain access to confidential data, violate its integrity, and cause a denial of service
Severity
Vendor
Free software community, RusBITech-Astra LLC, Rob Jansen, Concern VNIINS JSC
Software Name
Debian GNU/Linux, Astra Linux Special Edition for Elbrus (entry No. 11156 in the unified register of Russian software), Shadow, OS ON Strelets (entry No. 6177 in the unified register of Russian software)
Software Version
9 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 "Leningrad" (Astra Linux Special Edition for Elbrus), 11 (Debian GNU/Linux), before 4.5 (Shadow), before 16.01.2023 (OS ON Strelets)
Possible Mitigations
For Shadow:
Follow the vendor's recommendations: https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952
For Debian:
Follow the vendor's recommendations: https://security-tracker.debian.org/tracker/CVE-2017-12424
For Astra Linux:
Follow the vendor's recommendations: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
For OS ON Strelets:
Update the shadow software to version 1:4.4-4.1+deb9u1.osnova4
Reference
https://nvd.nist.gov/vuln/detail/CVE-2017-12424
https://security-tracker.debian.org/tracker/CVE-2017-12424
https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
CWE
CWE-119
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Rob Jansen, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 11 (Debian GNU/Linux), \u0434\u043e 4.5 (Shadow), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Shadow:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952\n\n\u0414\u043b\u044f Debian:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2017-12424\n\n\u0414\u043b\u044f Astra Linux:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f shadow \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:4.4-4.1+deb9u1.osnova4",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "31.07.2014",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.12.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-05844",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2017-12424",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Shadow, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 
\u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 newusers \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u0447\u0435\u0442\u043d\u044b\u043c\u0438 \u0437\u0430\u043f\u0438\u0441\u044f\u043c\u0438 shadow, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 newusers \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u0447\u0435\u0442\u043d\u044b\u043c\u0438 \u0437\u0430\u043f\u0438\u0441\u044f\u043c\u0438 shadow \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2017-12424\nhttps://security-tracker.debian.org/tracker/CVE-2017-12424\nhttps://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
Title
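Shadow denial-of-service vulnerability
Description
shadow is a suite of tools for maintaining Debian systems.
A security vulnerability exists in shadow versions before 4.5. An attacker can use malformed input to exploit this vulnerability and crash the suite (buffer overflow or memory corruption).
Severity
High
Patch Name
Patch for the Shadow denial-of-service vulnerability
Patch Description
shadow is a suite of tools for maintaining Debian systems.
A security vulnerability exists in shadow versions before 4.5. An attacker can use malformed input to exploit this vulnerability and crash the suite (buffer overflow or memory corruption). The vendor has now released a security advisory and related patch information that fix this vulnerability.
Formal description
The vendor has released a fix for the vulnerability; please watch for updates: https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952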
Reference
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630
Impacted products
| Name | shadow shadow <4.5 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-12424"
}
},
"description": "shadow\u662f\u4e00\u5957\u7528\u4e8e\u7ef4\u62a4Debian\u7cfb\u7edf\u7684\u5de5\u5177\u5957\u4ef6\u3002\r\n\r\nshadow 4.5\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7578\u5f62\u7684\u8f93\u5165\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u8be5\u5957\u4ef6\u5d29\u6e83\uff08\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5185\u5b58\u635f\u574f\uff09\u3002",
"discovererName": "Manfred Richter \u003cmanfred@dri.at\u003e",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-27955",
"openTime": "2017-09-22",
"patchDescription": "shadow\u662f\u4e00\u5957\u7528\u4e8e\u7ef4\u62a4Debian\u7cfb\u7edf\u7684\u5de5\u5177\u5957\u4ef6\u3002\r\n\r\nshadow 4.5\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7578\u5f62\u7684\u8f93\u5165\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u8be5\u5957\u4ef6\u5d29\u6e83\uff08\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5185\u5b58\u635f\u574f\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Shadow\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "shadow shadow \u003c4.5"
},
"referenceLink": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630",
"serverity": "\u9ad8",
"submitTime": "2017-08-07",
"title": "Shadow\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
FKIE_CVE-2017-12424
Vulnerability from fkie_nvd - Published: 2017-08-04 09:29 - Updated: 2026-05-13 00:24
Severity
Summary
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| shadow_project | shadow | * |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:shadow_project:shadow:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47C73BF7-91C6-44B6-B55B-4477B6F66C04",
"versionEndExcluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts."
},
{
"lang": "es",
"value": "En las versiones de Shadow anteriores a la 4.5, la herramienta newusers podr\u00eda utilizarse para manipular estructuras de datos internas de formas no permitidas por los desarrolladores. Las entradas manipuladas podr\u00edan llevar a ca\u00eddas (con un desbordamiento de b\u00fafer u otros tipos de corrupci\u00f3n de memoria) o a otro tipo de comportamiento sin especificar. Esto provoca un l\u00edmite de privilegios en, por ejemplo, ciertos entornos de hospedaje web en los que un Panel de Control permite que una cuenta de usuario sin privilegios cree subcuentas."
}
],
"id": "CVE-2017-12424",
"lastModified": "2026-05-13T00:24:29.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-04T09:29:00.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201710-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201710-16"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-MMPG-C26W-2PFG
Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2022-05-13 01:11
Details
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.
Severity
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2017-12424"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-04T09:29:00Z",
"severity": "CRITICAL"
},
"details": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.",
"id": "GHSA-mmpg-c26w-2pfg",
"modified": "2022-05-13T01:11:22Z",
"published": "2022-05-13T01:11:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12424"
},
{
"type": "WEB",
"url": "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201710-16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2017-12424
Vulnerability from gsd - Updated: 2023-12-13 01:21
Details
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.
Aliases
{
"GSD": {
"alias": "CVE-2017-12424",
"description": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.",
"id": "GSD-2017-12424",
"references": [
"https://www.suse.com/security/cve/CVE-2017-12424.html",
"https://ubuntu.com/security/CVE-2017-12424",
"https://advisories.mageia.org/CVE-2017-12424.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-12424"
],
"details": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.",
"id": "GSD-2017-12424",
"modified": "2023-12-13T01:21:03.621487Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630"
},
{
"name": "GLSA-201710-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-16"
},
{
"name": "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952",
"refsource": "CONFIRM",
"url": "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675"
},
{
"name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2596-1] shadow security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:shadow_project:shadow:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12424"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630"
},
{
"name": "GLSA-201710-16",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201710-16"
},
{
"name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2596-1] shadow security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-03-23T20:02Z",
"publishedDate": "2017-08-04T09:29Z"
}
}
}
SUSE-SU-2017:2947-1
Vulnerability from csaf_suse - Published: 2017-11-08 07:50 - Updated: 2017-11-08 07:50
Summary
Security update for shadow
Severity
Moderate
Notes
Title of the patch: Security update for shadow
Description of the patch: This update for shadow fixes several issues.
This security issue was fixed:
- CVE-2017-12424: The newusers tool could have been forced to manipulate
internal data structures in ways unintended by the authors. Malformed input may
have led to crashes (with a buffer overflow or other memory corruption) or
other unspecified behaviors (bsc#1052261).
These non-security issues were fixed:
- bsc#1023895: Fixed man page to not contain invalid options and also prevent
warnings when using these options in certain settings
- bsc#980486: Reset user in /var/log/tallylog because of the usage of pam_tally2
Patchnames: SUSE-CAASP-ALL-2017-1829,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1829,SUSE-SLE-DESKTOP-12-SP2-2017-1829,SUSE-SLE-DESKTOP-12-SP3-2017-1829,SUSE-SLE-RPI-12-SP2-2017-1829,SUSE-SLE-SERVER-12-SP2-2017-1829,SUSE-SLE-SERVER-12-SP3-2017-1829
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP2:shadow-4.2.1-27.3.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:shadow-4.2.1-27.3.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:shadow-4.2.1-27.3.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for shadow",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for shadow fixes several issues.\n\nThis security issue was fixed:\n\n- CVE-2017-12424: The newusers tool could have been forced to manipulate\n internal data structures in ways unintended by the authors. Malformed input may\n have lead to crashes (with a buffer overflow or other memory corruption) or\n other unspecified behaviors (bsc#1052261).\n\nThese non-security issues were fixed:\n\n- bsc#1023895: Fixed man page to not contain invalid options and also prevent\n warnings when using these options in certain settings\n- bsc#980486: Reset user in /var/log/tallylog because of the usage of pam_tally2\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-CAASP-ALL-2017-1829,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1829,SUSE-SLE-DESKTOP-12-SP2-2017-1829,SUSE-SLE-DESKTOP-12-SP3-2017-1829,SUSE-SLE-RPI-12-SP2-2017-1829,SUSE-SLE-SERVER-12-SP2-2017-1829,SUSE-SLE-SERVER-12-SP3-2017-1829",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2947-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2947-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172947-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2947-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-November/003379.html"
},
{
"category": "self",
"summary": "SUSE Bug 1023895",
"url": "https://bugzilla.suse.com/1023895"
},
{
"category": "self",
"summary": "SUSE Bug 1052261",
"url": "https://bugzilla.suse.com/1052261"
},
{
"category": "self",
"summary": "SUSE Bug 980486",
"url": "https://bugzilla.suse.com/980486"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12424 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12424/"
}
],
"title": "Security update for shadow",
"tracking": {
"current_release_date": "2017-11-08T07:50:15Z",
"generator": {
"date": "2017-11-08T07:50:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2947-1",
"initial_release_date": "2017-11-08T07:50:15Z",
"revision_history": [
{
"date": "2017-11-08T07:50:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "shadow-4.2.1-27.3.3.aarch64",
"product": {
"name": "shadow-4.2.1-27.3.3.aarch64",
"product_id": "shadow-4.2.1-27.3.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "shadow-4.2.1-27.3.3.ppc64le",
"product": {
"name": "shadow-4.2.1-27.3.3.ppc64le",
"product_id": "shadow-4.2.1-27.3.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "shadow-4.2.1-27.3.3.s390x",
"product": {
"name": "shadow-4.2.1-27.3.3.s390x",
"product_id": "shadow-4.2.1-27.3.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "shadow-4.2.1-27.3.3.x86_64",
"product": {
"name": "shadow-4.2.1-27.3.3.x86_64",
"product_id": "shadow-4.2.1-27.3.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:shadow-4.2.1-27.3.3.x86_64"
},
"product_reference": "shadow-4.2.1-27.3.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:shadow-4.2.1-27.3.3.x86_64"
},
"product_reference": "shadow-4.2.1-27.3.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:shadow-4.2.1-27.3.3.aarch64"
},
"product_reference": "shadow-4.2.1-27.3.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.aarch64"
},
"product_reference": "shadow-4.2.1-27.3.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.ppc64le"
},
"product_reference": "shadow-4.2.1-27.3.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.s390x"
},
"product_reference": "shadow-4.2.1-27.3.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.x86_64"
},
"product_reference": "shadow-4.2.1-27.3.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.aarch64"
},
"product_reference": "shadow-4.2.1-27.3.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.ppc64le"
},
"product_reference": "shadow-4.2.1-27.3.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.s390x"
},
"product_reference": "shadow-4.2.1-27.3.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.x86_64"
},
"product_reference": "shadow-4.2.1-27.3.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.aarch64"
},
"product_reference": "shadow-4.2.1-27.3.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.ppc64le"
},
"product_reference": "shadow-4.2.1-27.3.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.s390x"
},
"product_reference": "shadow-4.2.1-27.3.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.x86_64"
},
"product_reference": "shadow-4.2.1-27.3.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.aarch64"
},
"product_reference": "shadow-4.2.1-27.3.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.ppc64le"
},
"product_reference": "shadow-4.2.1-27.3.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.s390x"
},
"product_reference": "shadow-4.2.1-27.3.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shadow-4.2.1-27.3.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.x86_64"
},
"product_reference": "shadow-4.2.1-27.3.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-12424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12424"
}
],
"notes": [
{
"category": "general",
"text": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:shadow-4.2.1-27.3.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:shadow-4.2.1-27.3.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.aarch64",
"SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.s390x",
"SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:shadow-4.2.1-27.3.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12424",
"url": "https://www.suse.com/security/cve/CVE-2017-12424"
},
{
"category": "external",
"summary": "SUSE Bug 1052261 for CVE-2017-12424",
"url": "https://bugzilla.suse.com/1052261"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:shadow-4.2.1-27.3.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:shadow-4.2.1-27.3.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.aarch64",
"SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.s390x",
"SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:shadow-4.2.1-27.3.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:shadow-4.2.1-27.3.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:shadow-4.2.1-27.3.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.aarch64",
"SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.s390x",
"SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:shadow-4.2.1-27.3.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.3.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-11-08T07:50:15Z",
"details": "moderate"
}
],
"title": "CVE-2017-12424"
}
]
}
WID-SEC-W-2025-2505
Vulnerability from csaf_certbund - Published: 2017-11-08 23:00 - Updated: 2025-11-06 23:00
Summary
Shadow: Vulnerability allows privilege escalation
Severity
Medium
Notes
The BSI, as provider, is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description: On Unix/Linux systems, Shadow provides a mechanism for storing user passwords as hashes.
Attack: A local attacker can exploit a vulnerability in Shadow to escalate their privileges.
Affected operating systems:
- Linux
- UNIX
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| SUSE Linux Enterprise Desktop 12 SP3 (SUSE / Linux Enterprise Desktop) | cpe:/o:suse:linux_enterprise_desktop:12:sp3 | 12 SP3 | |
| SUSE Linux Enterprise Server 12 SP3 (SUSE / Linux Enterprise Server) | cpe:/o:suse:linux_enterprise_server:12:sp3 | 12 SP3 | |
| Ubuntu Linux (Ubuntu) | cpe:/o:canonical:ubuntu_linux:- | — | |
| SUSE Linux Enterprise Desktop 12 SP2 (SUSE / Linux Enterprise Desktop) | cpe:/o:suse:linux_enterprise_desktop:12-sp2 | 12 SP2 | |
| Open Source shadow (Open Source) | cpe:/a:open_source:shadow:- | — | |
| SUSE Linux Enterprise Server 12 SP2 (SUSE / Linux Enterprise Server) | cpe:/o:suse:linux_enterprise_server:12-sp2 | 12 SP2 | |
| Dell NetWorker Virtual Edition (Dell / NetWorker) | cpe:/a:dell:networker:virtual_edition | Virtual Edition | |
| Dell Avamar (Dell) | cpe:/a:dell:avamar:- | — | |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Shadow stellt auf Unix/Linux Systemen einen Mechanismus bereit, um Passw\u00f6rter von Benutzer als Hash zu speichern.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in Shadow ausnutzen, um seine Privilegien zu erh\u00f6hen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2505 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2025-2505.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2505 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2505"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SUSE-SU-2017:2947-1 vom 2017-11-08",
"url": "https://www.suse.com/de-de/support/update/announcement/2017/suse-su-20172947-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5254-1 vom 2022-01-27",
"url": "https://ubuntu.com/security/notices/USN-5254-1"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-268 vom 2025-11-06",
"url": "https://www.dell.com/support/kbdoc/de-de/000216397/dsa-2023-268-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "Shadow: Schwachstelle erm\u00f6glicht Privilegieneskalation",
"tracking": {
"current_release_date": "2025-11-06T23:00:00.000+00:00",
"generator": {
"date": "2025-11-07T08:57:03.162+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2505",
"initial_release_date": "2017-11-08T23:00:00.000+00:00",
"revision_history": [
{
"date": "2017-11-08T23:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2017-11-08T23:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2022-01-27T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-11-06T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Dell Avamar",
"product": {
"name": "Dell Avamar",
"product_id": "T039664",
"product_identification_helper": {
"cpe": "cpe:/a:dell:avamar:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Virtual Edition",
"product": {
"name": "Dell NetWorker Virtual Edition",
"product_id": "T048226",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual_edition"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source shadow",
"product": {
"name": "Open Source shadow",
"product_id": "T011189",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:shadow:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "T010554",
"product_identification_helper": {
"cpe": "cpe:/o:suse:linux_enterprise_desktop:12:sp3"
}
}
},
{
"category": "product_version",
"name": "12 SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "T010561",
"product_identification_helper": {
"cpe": "cpe:/o:suse:linux_enterprise_desktop:12-sp2"
}
}
}
],
"category": "product_name",
"name": "Linux Enterprise Desktop"
},
{
"branches": [
{
"category": "product_version",
"name": "12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "T008982",
"product_identification_helper": {
"cpe": "cpe:/o:suse:linux_enterprise_server:12-sp2"
}
}
},
{
"category": "product_version",
"name": "12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "T010553",
"product_identification_helper": {
"cpe": "cpe:/o:suse:linux_enterprise_server:12:sp3"
}
}
}
],
"category": "product_name",
"name": "Linux Enterprise Server"
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-12424",
"product_status": {
"known_affected": [
"T010554",
"T010553",
"T000126",
"T010561",
"T011189",
"T008982",
"T048226",
"T039664"
]
},
"release_date": "2017-11-08T23:00:00.000+00:00",
"title": "CVE-2017-12424"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.