Vulnerabilities for Shadow (...) - CXSECURITY.COM

Vulnerabilities for 'Shadow'

2021-03-17

CVE-2017-20002

CWE-269

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.

2019-12-03

CVE-2013-4235

CWE-367

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

2019-11-04

CVE-2005-4890

CWE-20

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

2011-02-18

CVE-2011-0721

CWE-20

Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.

2008-12-08

CVE-2008-5394

CWE-59

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.

>>> Vendor: Debian 97 Products

Internet message

Toolchain-source

Kernel-patch-vserver

Libmail-audit-perl

Apt-listchanges

Initramfs-tools

Horde groupware

Texlive-extra-utils

Advanced package tool

Exuberant ctags

Unattended-upgrades

Xbindkeys-config

Postgresql-common

Debian-lan-config

Copyright 2024, cxsecurity.com