CVE-2013-4235Time-of-check Time-of-use (TOCTOU) Race Condition in Shadow

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition8 documents8 sources
Severity
4.7MEDIUMNVD
EPSS
0.1%
top 81.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Shadow Project ShadowShadowDebian Linux+2 more
Timeline
PublishedDec 3
Latest updateNov 28

Description

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages2 packages

Debianshadow_project/shadow< 1:4.12.3+dfsg1-1+2
CVEListV5shadow/shadow1

Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 16, 17, Enterprise Linux 5, 6.0

🔴Vulnerability Details

3
GHSA
GHSA-2q3w-h8mm-q9v3: shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees2022-05-05
OSV
CVE-2013-4235: shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees2019-12-03
CVEList
CVE-2013-4235: shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees2019-12-03

📋Vendor Advisories

3
Ubuntu
shadow vulnerability2022-11-28
Red Hat
shadow-utils: TOCTOU race conditions by copying and removing directory trees2015-02-06
Debian
CVE-2013-4235: shadow - shadow: TOCTOU (time-of-check time-of-use) race condition when copying and remov...2013

💬Community

1
Bugzilla
CVE-2013-4235 shadow-utils: TOCTOU race conditions by copying and removing directory trees2012-12-06
CVE-2013-4235 — Shadow vulnerability | cvebase