Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2013-4235

Publication date 3 December 2019

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

4.7 · Medium

Score breakdown

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Read the notes from the security team

Status

Package Ubuntu Release Status
shadow 24.10 oracular
Not affected
24.04 LTS noble
Not affected
23.10 mantic
Not affected
23.04 lunar
Not affected
22.10 kinetic
Fixed 1:4.11.1+dfsg1-2ubuntu1.1
22.04 LTS jammy
Fixed 1:4.8.1-2ubuntu2.1
21.10 impish Ignored end of life
21.04 hirsute Ignored end of life
20.10 groovy Ignored end of life
20.04 LTS focal
Vulnerable
19.10 eoan Ignored end of life
19.04 disco Ignored end of life
18.10 cosmic Ignored end of life
18.04 LTS bionic
Vulnerable
17.10 artful Ignored end of life
17.04 zesty Ignored end of life
16.10 yakkety Ignored end of life
16.04 LTS xenial
Vulnerable
15.10 wily Ignored end of life
15.04 vivid Ignored end of life
14.10 utopic Ignored end of life
14.04 LTS trusty
Vulnerable
12.04 LTS precise Ignored end of life
10.04 LTS lucid Ignored end of life

Notes


ccdm94

The original issue associated with this CVE is issue 317, which provides a fix through commit dcca865. However, another pull request which references this issue was opened at a later date, this being PR 545. This pull request is said to actually address the issue while commit dcca865 was only a work around to the problem. Additionally, from the first comment that can be seen in PR 483, it seems like commit b447216 is also needed in order to completely fix this issue. Three commits fixing regressions introduced by one of the fix commits have been added after release 4.12.2, which is considered by upstream as the fixed release. These commit are: f3bdb28, 10cd68e and cde221b. They are a part of version 4.13 of shadow. One of the commits that needs to be applied in order to fix this CVE introduces a regression in focal and earlier, as seen by launchpad bug 1998169. The commit which seems to cause the issue is commit f3bdb28. Flag AT_SYMLINK_NOFOLLOW is not implemented in the kernel for function fchmodat, and, for focal and earlier, glibc does not contain commit 752dd17443, which fixes this problem. Therefore, useradd was not behaving correctly in focal and earlier once the fix for this issue was applied.

Severity score breakdown

Parameter Value
Base score 4.7 · Medium
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact High
Availability impact None
Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N