VDB

GCVE-VVD-MAGEIA-2017-24

GCVE-VVD-MAGEIA-2017-24
Advisory Published
Vulnetix · Advisory published June 10, 2017
It was found that shadow-utils-4.2.1 had a potentially unsafe use of getlogin with the concern that the utmp entry might have a spoofed username associated with a correct uid (CVE-2016-6251). It was found that shadow-utils-4.2.1 had an incorrect integer handling problem where it looks like the int wrap is exploitable as a LPE, as the kernel is using 32bit uid's that are truncated from unsigned longs (64bit on x64) as returned by simple_strtoul() [map_write()]. (CVE-2016-6252).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiathunderbird0 (affected), 52.1.1-1.mga5 (unaffected)
Mageiathunderbird-l10n0 (affected), 52.1.1-1.mga5 (unaffected)
Mageiashadow-utils0 (affected), 4.2.1-6.mga5 (unaffected), 0 (affected), 4.2.1-6.mga5 (unaffected)

Aliases

CVE-2016-6252CVE-2016-6251

Transitive aliases

GHSA-8rg4-9fq3-cf7gCNVD-2016-05635EUVD-2016-7182SUSE-SU-2018:1997-2GSD-2016-6252SUSE-SU-2018:1995-1GSD-2016-6251SUSE-SU-2018:1997-1VVD-GENTOO-2017-620510CNVD-2016-05634EUVD-2016-7181

References

Updated shadow-utils packages fix security vulnerabilities
advisory
Updated shadow-utils packages fix security vulnerabilities
issue
Updated shadow-utils packages fix security vulnerabilities
issue
Updated thunderbird packages fix various bugs
advisory
Updated thunderbird packages fix various bugs
issue
Updated thunderbird packages fix various bugs
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›