Lucene search
GoogleOSV:DSA-585-1HistoryNov 05, 2004 - 12:00 a.m.
shadow - programming error
2004-11-0500:00:00
Google
osv.dev
9
EPSS
0
Percentile
5.1%
A vulnerability has been discovered in the shadow suite which provides
programs like chfn and chsh. It is possible for a user, who is logged
in but has an expired password to alter his account information with
chfn or chsh without having to change the password. The problem was
originally thought to be more severe.
For the stable distribution (woody) this problem has been fixed in
version 20000902-12woody1.
For the unstable distribution (sid) this problem has been fixed in
version 4.0.3-30.3.
We recommend that you upgrade your passwd package (from the shadow
suite).
References
Related
debiancve
debiancve
CVE-2004-1001
2005-03-01 05:00:00
debian
debian
[SECURITY] [DSA 585-1] New shadow packages fix unintended behaviour
2004-11-05 14:59:37
[SECURITY] [DSA 585-1] New shadow packages fix unintended behaviour
2004-11-05 14:59:37
nessus
nessus
Mandrake Linux Security Advisory : shadow-utils (MDKSA-2004:126)
2004-11-05 00:00:00
GLSA-200411-09 : shadow: Unauthorized modification of account information
2004-11-05 00:00:00
Ubuntu 4.10 : passwd vulnerabilities (USN-17-1)
2006-01-15 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-17-1)
2022-08-26 00:00:00
Gentoo Security Advisory GLSA 200411-09 (shadow)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200411-09 (shadow)
2008-09-24 00:00:00
ubuntucve
ubuntucve
CVE-2004-1001
2005-03-01 00:00:00
gentoo
gentoo
shadow: Unauthorized modification of account information
2004-11-04 00:00:00
cve
cve
CVE-2004-1001
2005-03-01 05:00:00
cvelist
cvelist
CVE-2004-1001
2004-11-04 05:00:00
nvd
nvd
CVE-2004-1001
2005-03-01 05:00:00
ubuntu
ubuntu
passwd vulnerability
2004-11-05 00:00:00