vulnerability

Ubuntu: USN-3276-2: shadow regression

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:S/C:C/I:C/A:C)	May 16, 2017	May 18, 2017	Feb 19, 2025

Severity

CVSS

(AV:L/AC:M/Au:S/C:C/I:C/A:C)

Published

May 16, 2017

Added

May 18, 2017

Modified

Feb 19, 2025

Description

USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. We apologize for the inconvenience.

Original advisory details:

Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. (CVE-2016-6252)

Tobias StÃ¶ckmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other processes with root privileges. (CVE-2017-2616)

Solutions

ubuntu-upgrade-loginubuntu-upgrade-passwdubuntu-upgrade-uidmap

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today