CVE-2018-16588

Name	CVE-2018-16588
Description	Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
shadow (PTS)	jessie, jessie (lts)	1:4.2-3+deb8u5	fixed
	stretch (security)	1:4.4-4.1+deb9u1	fixed
	stretch (lts), stretch	1:4.4-4.1+deb9u2	fixed
	buster, buster (lts)	1:4.5-1.1+deb10u1	fixed
	bullseye	1:4.8.1-1	fixed
	bookworm	1:4.13+dfsg1-1	fixed
	sid, trixie	1:4.16.0-5	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
shadow	source	(unstable)	(not affected)

Notes

- shadow <not-affected> (SuSE-specific patch)
https://bugzilla.suse.com/show_bug.cgi?id=1106914
The SUSE specific patch was a first iteration of https://github.com/shadow-maint/shadow/pull/2