Shadow: TOCTOU Race

Shadow: TOCTOU Race A TOCTOU race has been discovered in Shadow, which could result in the unauthorized modification of files. shadow 2022-10-31 2022-10-31 830486 remote 4.12.2 4.12.2

Shadow contains utilities to deal with user accounts

A TOCTOU race condition was discovered in shadow. A local attacker with write privileges in a directory removed or copied by usermod/userdel could potentially exploit this flaw when the administrator invokes usermod/userdel.

An unauthorized user could potentially modify files which they do not have write permissions for.

There is no known workaround at this time.

All Shadow users should upgrade to the latest version:


          # emerge --sync
          # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.12.2"

CVE-2013-4235 ajak ajak