What is the severity of CVE-2018-16588?

The severity of CVE-2018-16588 is high with a CVSS score of 7.8.

How does CVE-2018-16588 occur?

CVE-2018-16588 occurs due to privilege escalation in the SUSE useradd.c code.

Which software is affected by CVE-2018-16588?

The SUSE shadow package versions 4.2.1-27.9.1 and 4.5-5.39 for SUSE Linux Enterprise 12 (SLE-12) and SUSE Linux Enterprise 15 (SLE-15) are affected.

How can I fix CVE-2018-16588?

To fix CVE-2018-16588, update the SUSE shadow package to a version that includes the necessary security patches.

Where can I find more information about CVE-2018-16588?

More information about CVE-2018-16588 can be found at the following reference: http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00073.html

Vulnerability/
CVE-2018-16588

high

7.8

CWE

732

26/9/2018

3/10/2019

CVE-2018-16588

First published: Wed Sep 26 2018(Updated: )

Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
SUSE shadow	<=4.2.1-27.9.1
SUSE Linux Enterprise	=12.0
SUSE shadow	<=4.5-5.39
SUSE Linux Enterprise	=15.0

Never miss a vulnerability like this again

Reference Links

http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00073.html

Frequently Asked Questions

What is the severity of CVE-2018-16588?
The severity of CVE-2018-16588 is high with a CVSS score of 7.8.
How does CVE-2018-16588 occur?
CVE-2018-16588 occurs due to privilege escalation in the SUSE useradd.c code.
Which software is affected by CVE-2018-16588?
The SUSE shadow package versions 4.2.1-27.9.1 and 4.5-5.39 for SUSE Linux Enterprise 12 (SLE-12) and SUSE Linux Enterprise 15 (SLE-15) are affected.
How can I fix CVE-2018-16588?
To fix CVE-2018-16588, update the SUSE shadow package to a version that includes the necessary security patches.
Where can I find more information about CVE-2018-16588?
More information about CVE-2018-16588 can be found at the following reference: http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00073.html

collector/nvd-index
agent/weakness
agent/references
agent/author
agent/severity
agent/type
agent/description
agent/tags
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
vendor/suse
canonical/suse shadow
version/suse shadow/4.2.1-27.9.1
canonical/suse linux enterprise
version/suse linux enterprise/12.0
version/suse shadow/4.5-5.39
version/suse linux enterprise/15.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.