Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
shadow 安全特征问题漏洞
Vulnerability Description
shadow是一套用于维护Debian系统的工具套件。 shadow 4.5版本中存在安全特征问题漏洞。攻击者可利用该漏洞访问文件系统路径。
CVSS Information
N/A
Vulnerability Type
N/A