Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2164-1
HistoryFeb 16, 2011 - 12:00 a.m.

shadow - missing input sanitization

2011-02-1600:00:00
Google
osv.dev
6

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

JSON

Kees Cook discovered that the chfn and chsh utilities do not properly
sanitize user input that includes newlines. An attacker could use this
to corrupt passwd entries and may create users or groups in NIS
environments.

Packages in the oldstable distribution (lenny) are not affected by this
problem.

For the stable distribution (squeeze), this problem has been fixed in
version 1:4.1.4.2+svn3283-2+squeeze1.

For the testing (wheezy) and unstable (sid) distributions, this problem
will be fixed soon.

We recommend that you upgrade your shadow packages.

CPENameOperatorVersion
shadoweq1:4.1.4.2+svn3283-2

Related

slackware 1
openvas 7
prion 1
ubuntucve 1
debian 1
nessus 4
securityvulns 3
ubuntu 1
debiancve 1
cve 1
gentoo 1
slackware
slackware
[slackware-security] shadow
2011-03-27 23:18:49
openvas
openvas
Debian Security Advisory DSA 2164-1 (shadow)
2011-03-07 00:00:00
Ubuntu Update for shadow vulnerability USN-1065-1
2011-02-18 00:00:00
Debian: Security Advisory (DSA-2164-1)
2011-03-07 00:00:00
prion
prion
Crlf injection
2011-02-19 01:00:00
ubuntucve
ubuntucve
CVE-2011-0721
2011-02-15 00:00:00
debian
debian
[SECURITY] [DSA 2164-1] shadow security update
2011-02-16 00:02:15
nessus
nessus
Slackware 13.1 / current : shadow (SSA:2011-086-03)
2011-05-28 00:00:00
Ubuntu 9.10 / 10.04 LTS / 10.10 : shadow vulnerability (USN-1065-1)
2011-02-16 00:00:00
Debian DSA-2164-1 : shadow - insufficient input sanitization
2011-02-20 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2164-1] shadow security update
2011-02-17 00:00:00
[USN-1065-1] shadow vulnerability
2011-02-17 00:00:00
passwd / shadow vulnerabilities
2011-02-18 00:00:00
ubuntu
ubuntu
shadow vulnerability
2011-02-15 00:00:00
debiancve
debiancve
CVE-2011-0721
2011-02-19 01:00:00
cve
cve
CVE-2011-0721
2011-02-19 01:00:00
gentoo
gentoo
Multiple packages, Multiple vulnerabilities fixed in 2011
2014-12-11 00:00:00

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

JSON
Related for OSV:DSA-2164-1
slackware1openvas7prion1ubuntucve1debian1nessus4securityvulns3ubuntu1debiancve1cve1gentoo1