vulnerability

Ubuntu: USN-5745-2: shadow regression

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:L/AC:M/Au:S/C:C/I:C/A:N)	Nov 29, 2022	Nov 30, 2022	Feb 19, 2025

Severity

CVSS

(AV:L/AC:M/Au:S/C:C/I:C/A:N)

Published

Nov 29, 2022

Added

Nov 30, 2022

Modified

Feb 19, 2025

Description

USN-5745-1 fixed vulnerabilities in shadow. Unfortunately that update introduced a regression that caused useradd to behave incorrectly in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update reverts the security fix pending further investigation.

We apologize for the inconvenience.

Original advisory details:

Florian Weimer discovered that shadow was not properly copying and removing user directory trees, which could lead to a race condition. A local attacker could possibly use this issue to setup a symlink attack and alter or remove directories without authorization.

Solutions

ubuntu-upgrade-loginubuntu-upgrade-passwdubuntu-upgrade-ubuntuubuntu-upgrade-uidmap

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today