Oval Definition:oval:org.opensuse.security:def:201816588
Revision Date:2022-09-02Version:1
Title:CVE-2018-16588
Description:

Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-16588
Mitre CVE-2018-16588
SUSE CVE-2018-16588
openSUSE-SU-2018:2852-1
openSUSE-SU-2018:2885-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 42.3
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • shadow-4.2.1-20 is installed
  • AND shadow is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • shadow-4.5-lp150.6.3 is installed
  • AND shadow is signed with openSUSE key
    • Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 9 is installed
  • OR SUSE OpenStack Cloud Crowbar 9 is installed
  • AND shadow is affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • AND shadow is affected
    • Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 8 is installed
  • OR SUSE OpenStack Cloud Crowbar 8 is installed
  • AND shadow is affected
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • AND shadow is affected
    • BACK