CVE-2017-20002

🗓️ 17 Mar 2021 06:00:09Reported by Debian Security Bug TrackerType

debiancve

debiancve🔗 security-tracker.debian.org👁 34 Views

The Debian shadow package allows password-less login via SSH, leading to privilege escalatio

Reporter	Title	Published	Views	Family All 16
BDU FSTEC	The vulnerability of the shadow account management tool is related to insecure management of privileges, allowing a perpetrator to access confidential data, compromise its integrity, and cause service failures.	7 Dec 202100:00	–	bdu_fstec
Circl	CVE-2017-20002	17 Mar 202111:31	–	circl
CNNVD	shadow 安全漏洞	17 Mar 202100:00	–	cnnvd
CVE	CVE-2017-20002	17 Mar 202106:00	–	cve
Cvelist	CVE-2017-20002	17 Mar 202106:00	–	cvelist
Debian	[SECURITY] [DLA 2596-1] shadow security update	17 Mar 202113:10	–	debian
Tenable Nessus	Debian DLA-2596-1 : shadow security update	16 Mar 202100:00	–	nessus
EUVD	EUVD-2017-11017	7 Oct 202500:30	–	euvd
NVD	CVE-2017-20002	17 Mar 202106:15	–	nvd
OpenVAS	Debian: Security Advisory (DLA-2596-1)	17 Mar 202100:00	–	openvas

OS	OS Version	Architecture	Package	Package Version	Filename
Debian	11	any	shadow	1:4.5-1	shadow_1:4.5-1_any.deb
Debian	12	any	shadow	1:4.5-1	shadow_1:4.5-1_any.deb
Debian	13	any	shadow	1:4.5-1	shadow_1:4.5-1_any.deb
Debian	14	any	shadow	1:4.5-1	shadow_1:4.5-1_any.deb
Debian	999	any	shadow	1:4.5-1	shadow_1:4.5-1_any.deb

17 Mar 2021 06:00Current

7.4High risk

Vulners AI Score7.4

CVSS 24.6

CVSS 3.17.8

EPSS0.00052

debian shadow package password-less login ssh privilege escalation cve-2017-20002 /etc/securetty pam virtual machines