SB2017022502 - Integer overflow in shadow (Alpine package)
Published: February 25, 2017
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer overflow (CVE-ID: CVE-2016-6252)
The vulnerability allows a local user to execute arbitrary code on the target system with escalated privileges.
The vulnerability exists due to an integer overflow in shadow-utils. A local user can execute arbitrary code on the target system with root privileges.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=268b69b781cc266d5eaafc5b4fd4a2ca9d54c2d9
- https://git.alpinelinux.org/aports/commit/?id=ff09ccd9982cfbe7390337e71edf4af83eedd65d
- https://git.alpinelinux.org/aports/commit/?id=fe20e8da2f8b7fb6f208cccf8f369400d947a6a2
- https://git.alpinelinux.org/aports/commit/?id=e626ce8c3c4d65d1a587ebfe27166755c699bb8c
- https://git.alpinelinux.org/aports/commit/?id=27e745e6b16e354f98de885984bee4ccce9e03b0
- https://git.alpinelinux.org/aports/commit/?id=e9a92d060e2e59ac087373af9b81546c2a761d07
- https://git.alpinelinux.org/aports/commit/?id=0d87734696c2c04083fae90ef045d87926d35ebd