- Description
- shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.
- Source
- cve@mitre.org
- NVD status
- Received
- CNA Tags
- disputed
CVSS 3.1
- Type
- Secondary
- Base score
- 3.6
- Impact score
- 2.5
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
- Severity
- LOW
- cve@mitre.org
- CWE-1188
CVE-2024-56433 Default /etc/subuid Behavior in Shadow-Utils Allows Account Takeover Shadow-utils version 4.4 through 4.17.0 sets a default behavior in /etc/subuid. This default range (like uid 100000 to 165535 fo... https://t.co/dX5gByOOW8
@VulmonFeeds
26 Dec 2024
CVE-2024-56433 shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realisti… https://t.co/fPROkBeb2i
@CVEnew
26 Dec 2024