Arch Linux Security Advisory ASA-201912-4
========================================
Severity: High
Date    : 2019-12-18
CVE-ID  : CVE-2019-19882
Package : shadow
Type    : privilege escalation
Remote  : No
Link    : https://security.archlinux.org/AVG-1079

Summary
======
The package shadow before version 4.8-1 is vulnerable to privilege
escalation.

Resolution
=========
Upgrade to 4.8-1.

# pacman -Syu "shadow>=4.8-1"

The problem has been fixed upstream in version 4.8.

Workaround
=========
None.

Description
==========
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch
Linux, and Void Linux, allows local users to obtain root access because
setuid programs are misconfigured. Specifically, this affects shadow
4.8 when compiled using --with-libpam but without explicitly passing
--disable-account-tools-setuid, and without a PAM configuration
suitable for use with setuid account management tools. This combination
leads to account management tools (groupadd, groupdel, groupmod,
useradd, userdel, usermod) that can easily be used by unprivileged
local users to escalate privileges to root in multiple ways. This issue
became much more relevant in approximately December 2019 when an
unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed
in the upstream Makefile which is now included in the release version
4.8).

Impact
=====
A local authenticated user can escalate privileges by using setuid
binaries.

References
=========
https://bugs.archlinux.org/task/64836
https://bugs.gentoo.org/show_bug.cgi
https://github.com/shadow-maint/shadow/commit/edf7547ad5aa650be868cf2dac58944773c12d75
https://github.com/shadow-maint/shadow/pull/199
https://github.com/void-linux/void-packages/pull/17580
https://security.archlinux.org/CVE-2019-19882

ArchLinux: 201912-4: shadow: privilege escalation

December 18, 2019

Summary

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).

Resolution

Upgrade to 4.8-1. # pacman -Syu "shadow>=4.8-1"
The problem has been fixed upstream in version 4.8.

References

https://bugs.archlinux.org/task/64836 https://bugs.gentoo.org/show_bug.cgi https://github.com/shadow-maint/shadow/commit/edf7547ad5aa650be868cf2dac58944773c12d75 https://github.com/shadow-maint/shadow/pull/199 https://github.com/void-linux/void-packages/pull/17580 https://security.archlinux.org/CVE-2019-19882

Severity
Package : shadow
Type : privilege escalation
Remote : No
Link : https://security.archlinux.org/AVG-1079

Workaround

None.

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved