2 matches found
Crlf injection
Multiple CRLF injection vulnerabilities in 1 chfn and 2 chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field...
CVE-2011-0721
CVE-2011-0721 affects the shadow package: CRLF injection in chfn and chsh allows local users to alter /etc/passwd via the GECOS field. Root cause is improper input sanitization of newline characters. Debian and Slackware advisories indicate an updated shadow package as the fix; exploitation detai...