2 matches found
CVE-2017-20002
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH hence bypassing PAM's nulloksecure configuration. Thi...
shadow lifting vulnerability
shadow is a suite of tools for maintaining Debian systems. A security vulnerability exists in shadow version 4.8. An attacker has exploited this vulnerability to gain root privileges...