[ GLSA 202008-09 ] Shadow

[GLSA]

Gentoo Linux Security Advisory

Title: Shadow: Privilege escalation (GLSA 202008-09)
Severity: high
Exploitable: local
Date: 2020-08-25
Bug(s): #702252
ID: 202008-09

Synopsis

Multiple Shadow utilities were installed with setuid permissions,
allowing possible root privilege escalation.


Background

Shadow is a set of tools to deal with user accounts.

Affected Packages

Package: sys-apps/shadow
Vulnerable: < 4.8-r3
Unaffected: >= 4.8-r3
Architectures: All supported architectures


Description

When Shadow was installed with the PAM use flag, setuid binaries
provided by Shadow were not properly restricted.


Impact

A local attacker could escalate privileges to root.

Workaround

There is no known workaround at this time.

Resolution

All Shadow users should upgrade to the latest version: