PatchSiren

CVE-2016-6252 Shadow Project CVE debrief

CVE-2016-6252 is a local privilege-escalation issue in shadow 4.2.1 caused by an integer overflow (CWE-190) when processing crafted input to newuidmap. NVD rates the issue HIGH with a CVSS 3.0 score of 7.8. Administrators should confirm whether affected shadow packages are installed and apply the vendor or distribution fix.

Vendor: Shadow Project
Product: CVE-2016-6252
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-17
Original CVE updated: 2026-05-13
Advisory published: 2017-02-17
Advisory updated: 2026-05-13

Who should care

Linux system administrators, security teams, and distribution maintainers responsible for shadow packages or systems that use newuidmap. Environments running shadow 4.2.1 should treat this as a priority patching item because local users may be able to escalate privileges.

Technical summary

The NVD record identifies shadow 4.2.1 as vulnerable and describes an integer overflow in newuidmap triggered by crafted input. The result is a local privilege-escalation path for an attacker with local access and low privileges. NVD maps the issue to CVSS 3.0 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H and CWE-190.

Defensive priority

High. This is a local attack that can lead to full compromise of confidentiality, integrity, and availability on the affected host once an attacker has local access.

Recommended defensive actions

  • Verify whether any systems run shadow 4.2.1 or vendor builds derived from that release.
  • Apply the distribution or vendor update referenced by the applicable advisory, such as Debian DSA-3793.
  • Review package management and configuration records to confirm the fixed shadow package is deployed.
  • Restrict untrusted local access where practical until remediation is complete.
  • Monitor privileged account activity and changes on hosts that may have been exposed before patching.
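
One way to carry out the first verification step on a single host, as an added example (not part of the NVD record or any vendor tooling). The package names uidmap, passwd, shadow-utils and shadow are assumptions about what your distribution calls them, and either result still has to be checked against the distribution advisory because vendors backport fixes without changing the upstream version.

```shell
#!/bin/sh
# Added example: report whether this host's shadow package is upstream 4.2.1.
# Package names are assumptions: Debian/Ubuntu "uidmap"/"passwd",
# RHEL/Fedora "shadow-utils", SUSE "shadow". Adjust for your estate.

# Strip a leading epoch ("1:") and a trailing distro revision ("-2+b1").
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%%-*}"
}

# MATCH = upstream version named in the NVD record. Either result still needs
# the distribution advisory, because vendors backport fixes.
classify_shadow() {
    case "$(upstream_version "$1")" in
        4.2.1) echo "MATCH" ;;
        "")    echo "UNKNOWN" ;;
        *)     echo "NO-MATCH" ;;
    esac
}

# First non-empty installed version reported by the local package manager.
installed_shadow_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' uidmap passwd 2>/dev/null
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' shadow-utils shadow 2>/dev/null |
            grep -v 'not installed'
    fi | grep . | head -n 1
}

# One line per host: version, classification, and whether newuidmap is setuid.
report() {
    ver=$(installed_shadow_version)
    bin=$(command -v newuidmap 2>/dev/null) || bin=""
    suid=no
    if [ -n "$bin" ] && [ -u "$bin" ]; then suid=yes; fi
    printf 'host=%s version=%s result=%s newuidmap=%s setuid=%s\n' \
        "$(uname -n)" "${ver:-none}" "$(classify_shadow "$ver")" \
        "${bin:-absent}" "$suid"
}

# Run the host check only when asked, so the functions can be sourced.
if [ "${1:-}" = "--scan" ]; then report; fi
```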

Evidence notes

This debrief is based on the supplied NVD CVE record and its listed references. The record describes 'Integer overflow in shadow 4.2.1' and links the issue to crafted input passed to newuidmap. It also provides the CVSS 3.0 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, the primary weakness CWE-190, and remediation references from Debian, openwall oss-security, SUSE Bugzilla, the shadow-maint GitHub issue, SecurityFocus, and Gentoo.

Official resources

CVE published by NVD/CVE on 2017-02-17; the supplied NVD record was last modified on 2026-05-13. Public advisories and issue trackers cited by NVD were part of the disclosure trail.