Home CVE Database CVE-2017-12424

CVE-2017-12424

Description

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.

Priority: HIGH
CVSS v3: 9.8
Publish Date: Aug 4, 2017
Related ID: --
CVSS v2: Critical
Modified Date: Aug 4, 2017

Find out more about CVE-2017-12424 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

shadow

Live chat
Online