FKIE_CVE-2024-56433

Vulnerability from fkie_nvd - Published: 2024-12-26 09:15 - Updated: 2024-12-26 09:15
Severity ?
3.6 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.
References
cve@mitre.orghttps://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241
cve@mitre.orghttps://github.com/shadow-maint/shadow/issues/1157
cve@mitre.orghttps://github.com/shadow-maint/shadow/releases/tag/4.4
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "disputed"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid."
    },
    {
      "lang": "es",
      "value": "shadow-utils (tambi\u00e9n conocido como shadow) 4.4 a 4.17.0 establece un comportamiento predeterminado para /etc/subuid (por ejemplo, uid 100000 a 165535 para la primera cuenta de usuario) que puede entrar en conflicto de manera realista con los uid de los usuarios definidos en redes administradas localmente, lo que puede llevar a la apropiaci\u00f3n de cuentas, por ejemplo, al aprovechar newuidmap para acceder a un directorio de inicio de NFS (o recursos del mismo host en el caso de inicios de sesi\u00f3n remotos por parte de estos usuarios de la red local). NOTA: tambi\u00e9n se puede argumentar que los administradores del sistema no deber\u00edan haber asignado uid, dentro de las redes locales, que est\u00e9n dentro del rango que puede aparecer en /etc/subuid."
    }
  ],
  "id": "CVE-2024-56433",
  "lastModified": "2024-12-26T09:15:07.267",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.6,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 2.5,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-12-26T09:15:07.267",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/shadow-maint/shadow/issues/1157"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/shadow-maint/shadow/releases/tag/4.4"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1188"
        }
      ],
      "source": "cve@mitre.org",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.