Main Vulnerability Database SB2025072235

SB2025072235 - Fedora 42 update for shadow-utils

Published: July 22, 2025

Security Bulletin ID SB2025072235

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-56433)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to shadow-utils establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users).

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2025-2c653c3a82