RSS   Vulnerabilities for 'Shadow'   RSS

2011-02-18
 
CVE-2011-0721

CWE-20
 

 
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.

 
2008-12-08
 
CVE-2008-5394

CWE-59
 

 
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.

 

 >>> Vendor: Debian 93 Products
Debian linux
Netkit
Elvis tiny
Sgml-tools
Netstd
Internet message
Mime-support
FSP
Lintian
Shadow-utils
Debmake
Tetex-bin
DPKG
Sympa
Bsmtpd
Toolchain-source
PPXP
Reportbug
Qpopper
Apt-cacher
Apt-setup
Backupninja
Kernel-patch-vserver
Libmail-audit-perl
Amaya
Base-config
Apache
GFAX
Debian-goodies
Reprepro
Guilt
UNP
Apt-listchanges
TSS
Aptlinex
Projectl
Horde
Turba
Honeyd common
Citadel server
Python-dns
Xsabre
FETA
Dpkg-cross
Myspell
Newsgate
Initramfs-tools
Os-prober
Mailscanner
LTP
Shadow
Horde imp
Horde groupware
Nss-ldap
APT
Libdbd-pg-perl
Mono-debugger
Tex-common
Apache2
Texlive-extra-utils
Php5-common
Logol
Devotee
Cifs-utils
Trousers
Bsdmainutils
Cfingerd
LATD
Txt2man
Adequate
Localepurge
Syncevolution
Axiom
Ppthtml
Xbuffy
Strongswan
Dpkg-dev
Kde4libs
Python-imaging
Exuberant ctags
Hivex
Dbd-firebird
Unattended-upgrades
FUSE
TOR
Xbindkeys-config
Ftpsync
Postgresql-common
TIN
Devscript
Advanced package tool
Crossroads
Tmpreaper


Copyright 2019, cxsecurity.com

 

Back to Top