{"id":"MGASA-2017-0024","summary":"Updated shadow-utils packages fix security vulnerabilities","details":"It was found that shadow-utils-4.2.1 had a potentially unsafe use of\ngetlogin with the concern that the utmp entry might have a spoofed\nusername associated with a correct uid (CVE-2016-6251).\n\nIt was found that shadow-utils-4.2.1 had an incorrect integer handling\nproblem where it looks like the int wrap is exploitable as a LPE, as the\nkernel is using 32bit uid's that are truncated from unsigned longs\n(64bit on x64) as returned by simple_strtoul() [map_write()].\n(CVE-2016-6252).\n","modified":"2026-02-01T06:34:12.876630Z","published":"2017-01-27T20:30:52Z","related":["CVE-2016-6251","CVE-2016-6252"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0024.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18984"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2016/07/20/2"}],"affected":[{"package":{"name":"shadow-utils","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/shadow-utils?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-6.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0024.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}