Search criteria
16 vulnerabilities found for shadow by debian
CVE-2017-20002 (GCVE-0-2017-20002)
Vulnerability from cvelistv5 – Published: 2021-03-17 06:00 – Updated: 2024-08-05 21:45
VLAI
Summary
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_MISC |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:24.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877374"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914957"
},
{
"name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2596-1] shadow security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM\u0027s nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T03:57:29.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877374"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914957"
},
{
"name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2596-1] shadow security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-20002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM\u0027s nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877374",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877374"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914957",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914957"
},
{
"name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2596-1] shadow security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-20002",
"datePublished": "2021-03-17T06:00:09.000Z",
"dateReserved": "2021-03-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:45:24.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4235 (GCVE-0-2013-4235)
Vulnerability from cvelistv5 – Published: 2019-12-03 00:00 – Updated: 2024-08-06 16:38
VLAI
Summary
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Severity
No CVSS data available.
CWE
- race conditions by copying and removing directory trees
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4235"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4235"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"name": "GLSA-202210-26",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "shadow",
"vendor": "shadow",
"versions": [
{
"status": "affected",
"version": "1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "race conditions by copying and removing directory trees",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4235"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-4235"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"name": "GLSA-202210-26",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-26"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4235",
"datePublished": "2019-12-03T00:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:38:01.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4890 (GCVE-0-2005-4890)
Vulnerability from cvelistv5 – Published: 2019-11-04 18:38 – Updated: 2024-08-08 00:01
VLAI
Summary
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.
Severity
No CVSS data available.
CWE
- tty hijacking possible in "su" via TIOCSTI ioctl
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2014/12/15/5 | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2005-4890 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/11/06/8 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2013/05/20/3 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2013/1… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2013/11/29/5 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/10/20/9 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/10/21/1 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2016/02/25/6 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/15/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2005-4890"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2005-4890"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2005-4890"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/06/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/20/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/28/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/29/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/10/20/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/10/21/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/25/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "shadow",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "4.x before 4.1.5"
}
]
},
{
"product": "sudo",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "1.x before 1.7.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via \"su - user -c program\". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tty hijacking possible in \"su\" via TIOCSTI ioctl",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T18:38:09.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/15/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2005-4890"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2005-4890"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2005-4890"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/06/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/20/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/28/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/29/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/10/20/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/10/21/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/25/6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-4890",
"datePublished": "2019-11-04T18:38:09.000Z",
"dateReserved": "2011-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:01:23.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0721 (GCVE-0-2011-0721)
Vulnerability from cvelistv5 – Published: 2011-02-18 23:00 – Updated: 2024-08-06 22:05
VLAI
Summary
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2011/0398 | vdb-entryx_refsource_VUPEN |
| http://www.vupen.com/english/advisories/2011/0773 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/43345 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2011/dsa-2164 | vendor-advisoryx_refsource_DEBIAN |
| http://www.ubuntu.com/usn/USN-1065-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.vupen.com/english/advisories/2011/0396 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/70895 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/46426 | vdb-entryx_refsource_BID |
| http://slackware.com/security/viewer.php?l=slackw… | vendor-advisoryx_refsource_SLACKWARE |
| http://secunia.com/advisories/42505 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2011-02-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:53.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-0398",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0398"
},
{
"name": "ADV-2011-0773",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0773"
},
{
"name": "43345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43345"
},
{
"name": "DSA-2164",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2164"
},
{
"name": "USN-1065-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1065-1"
},
{
"name": "ADV-2011-0396",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0396"
},
{
"name": "shadow-chfnchsh-crlf-injection(65564)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65564"
},
{
"name": "70895",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70895"
},
{
"name": "46426",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46426"
},
{
"name": "SSA:2011-086-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.380014"
},
{
"name": "42505",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "ADV-2011-0398",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0398"
},
{
"name": "ADV-2011-0773",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0773"
},
{
"name": "43345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43345"
},
{
"name": "DSA-2164",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2164"
},
{
"name": "USN-1065-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1065-1"
},
{
"name": "ADV-2011-0396",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0396"
},
{
"name": "shadow-chfnchsh-crlf-injection(65564)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65564"
},
{
"name": "70895",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70895"
},
{
"name": "46426",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46426"
},
{
"name": "SSA:2011-086-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.380014"
},
{
"name": "42505",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42505"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-0721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0398",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0398"
},
{
"name": "ADV-2011-0773",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0773"
},
{
"name": "43345",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43345"
},
{
"name": "DSA-2164",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2164"
},
{
"name": "USN-1065-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1065-1"
},
{
"name": "ADV-2011-0396",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0396"
},
{
"name": "shadow-chfnchsh-crlf-injection(65564)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65564"
},
{
"name": "70895",
"refsource": "OSVDB",
"url": "http://osvdb.org/70895"
},
{
"name": "46426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46426"
},
{
"name": "SSA:2011-086-03",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.380014"
},
{
"name": "42505",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42505"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-0721",
"datePublished": "2011-02-18T23:00:00.000Z",
"dateReserved": "2011-02-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:53.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5394 (GCVE-0-2008-5394)
Vulnerability from cvelistv5 – Published: 2008-12-09 00:00 – Updated: 2024-08-07 10:49
VLAI
Summary
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://osvdb.org/52200 | vdb-entryx_refsource_OSVDB |
| http://bugs.debian.org/505271 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/32552 | vdb-entryx_refsource_BID |
| http://bugs.debian.org/332198 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://security.gentoo.org/glsa/glsa-200903-24.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.securityfocus.com/archive/1/498769/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/7313 | exploitx_refsource_EXPLOIT-DB |
| http://securityreason.com/securityalert/4695 | third-party-advisoryx_refsource_SREASON |
| http://bugs.debian.org/505071 | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/usn-695-1 | vendor-advisoryx_refsource_UBUNTU |
Date Public
2008-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52200",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52200"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/505271"
},
{
"name": "32552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32552"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/332198"
},
{
"name": "debian-login-symlink(47037)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47037"
},
{
"name": "GLSA-200903-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-24.xml"
},
{
"name": "MDVSA-2009:062",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:062"
},
{
"name": "20081130 /bin/login gives root to group utmp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498769/100/0/threaded"
},
{
"name": "7313",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7313"
},
{
"name": "4695",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4695"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/505071"
},
{
"name": "USN-695-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-695-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "52200",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52200"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/505271"
},
{
"name": "32552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32552"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/332198"
},
{
"name": "debian-login-symlink(47037)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47037"
},
{
"name": "GLSA-200903-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-24.xml"
},
{
"name": "MDVSA-2009:062",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:062"
},
{
"name": "20081130 /bin/login gives root to group utmp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498769/100/0/threaded"
},
{
"name": "7313",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7313"
},
{
"name": "4695",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4695"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/505071"
},
{
"name": "USN-695-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-695-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52200",
"refsource": "OSVDB",
"url": "http://osvdb.org/52200"
},
{
"name": "http://bugs.debian.org/505271",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/505271"
},
{
"name": "32552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32552"
},
{
"name": "http://bugs.debian.org/332198",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/332198"
},
{
"name": "debian-login-symlink(47037)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47037"
},
{
"name": "GLSA-200903-24",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200903-24.xml"
},
{
"name": "MDVSA-2009:062",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:062"
},
{
"name": "20081130 /bin/login gives root to group utmp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498769/100/0/threaded"
},
{
"name": "7313",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7313"
},
{
"name": "4695",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4695"
},
{
"name": "http://bugs.debian.org/505071",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/505071"
},
{
"name": "USN-695-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-695-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5394",
"datePublished": "2008-12-09T00:00:00.000Z",
"dateReserved": "2008-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:49:12.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1174 (GCVE-0-2006-1174)
Vulnerability from cvelistv5 – Published: 2006-05-28 23:00 – Updated: 2024-08-07 17:03
VLAI
Summary
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
26 references
Date Public
2006-05-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25098"
},
{
"name": "25894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25894"
},
{
"name": "RHSA-2007:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0431.html"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "25267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25267"
},
{
"name": "RHSA-2007:0276",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0276.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm"
},
{
"name": "18111",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18111"
},
{
"name": "1018221",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018221"
},
{
"name": "25629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.pld.org.pl/shadow/NEWS?rev=1.109"
},
{
"name": "shadow-utils-useradd-file-permission(26958)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26958"
},
{
"name": "VU#312692",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/312692"
},
{
"name": "GLSA-200606-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml"
},
{
"name": "25896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25896"
},
{
"name": "20070511 rPSA-2007-0096-1 shadow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/468336/100/0/threaded"
},
{
"name": "MDKSA-2006:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:090"
},
{
"name": "oval:org.mitre.oval:def:10807",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10807"
},
{
"name": "26909",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26909"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27706"
},
{
"name": "ADV-2006-2006",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1357"
},
{
"name": "20506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20506"
},
{
"name": "20370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20370"
},
{
"name": "20070602-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25098"
},
{
"name": "25894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25894"
},
{
"name": "RHSA-2007:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0431.html"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "25267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25267"
},
{
"name": "RHSA-2007:0276",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0276.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm"
},
{
"name": "18111",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18111"
},
{
"name": "1018221",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018221"
},
{
"name": "25629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.pld.org.pl/shadow/NEWS?rev=1.109"
},
{
"name": "shadow-utils-useradd-file-permission(26958)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26958"
},
{
"name": "VU#312692",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/312692"
},
{
"name": "GLSA-200606-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml"
},
{
"name": "25896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25896"
},
{
"name": "20070511 rPSA-2007-0096-1 shadow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/468336/100/0/threaded"
},
{
"name": "MDKSA-2006:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:090"
},
{
"name": "oval:org.mitre.oval:def:10807",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10807"
},
{
"name": "26909",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26909"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27706"
},
{
"name": "ADV-2006-2006",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1357"
},
{
"name": "20506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20506"
},
{
"name": "20370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20370"
},
{
"name": "20070602-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2006-1174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25098"
},
{
"name": "25894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25894"
},
{
"name": "RHSA-2007:0431",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0431.html"
},
{
"name": "ADV-2007-3229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "25267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25267"
},
{
"name": "RHSA-2007:0276",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0276.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm"
},
{
"name": "18111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18111"
},
{
"name": "1018221",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018221"
},
{
"name": "25629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25629"
},
{
"name": "http://cvs.pld.org.pl/shadow/NEWS?rev=1.109",
"refsource": "CONFIRM",
"url": "http://cvs.pld.org.pl/shadow/NEWS?rev=1.109"
},
{
"name": "shadow-utils-useradd-file-permission(26958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26958"
},
{
"name": "VU#312692",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/312692"
},
{
"name": "GLSA-200606-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml"
},
{
"name": "25896",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25896"
},
{
"name": "20070511 rPSA-2007-0096-1 shadow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/468336/100/0/threaded"
},
{
"name": "MDKSA-2006:090",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:090"
},
{
"name": "oval:org.mitre.oval:def:10807",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10807"
},
{
"name": "26909",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26909"
},
{
"name": "27706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27706"
},
{
"name": "ADV-2006-2006",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2006"
},
{
"name": "https://issues.rpath.com/browse/RPL-1357",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1357"
},
{
"name": "20506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20506"
},
{
"name": "20370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20370"
},
{
"name": "20070602-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2006-1174",
"datePublished": "2006-05-28T23:00:00.000Z",
"dateReserved": "2006-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:03:28.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1844 (GCVE-0-2006-1844)
Vulnerability from cvelistv5 – Published: 2006-04-19 16:00 – Updated: 2024-09-16 16:19
VLAI
Summary
The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939 | x_refsource_CONFIRM |
| http://www.osvdb.org/23922 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/19170 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939"
},
{
"name": "23922",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23922"
},
{
"name": "19170",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19170"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-04-19T16:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939"
},
{
"name": "23922",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23922"
},
{
"name": "19170",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19170"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939"
},
{
"name": "23922",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23922"
},
{
"name": "19170",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19170"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1844",
"datePublished": "2006-04-19T16:00:00.000Z",
"dateReserved": "2006-04-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:19:03.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1001 (GCVE-0-2004-1001)
Vulnerability from cvelistv5 – Published: 2004-11-04 05:00 – Updated: 2024-08-08 00:38
VLAI
Summary
Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/13028 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2004/dsa-585 | vendor-advisoryx_refsource_DEBIAN |
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2004-10-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:38:59.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "13028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13028"
},
{
"name": "DSA-585",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-585"
},
{
"name": "CLA-2004:894",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000894"
},
{
"name": "shadow-pwdcheck-modify-account(17902)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17902"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "13028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13028"
},
{
"name": "DSA-585",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-585"
},
{
"name": "CLA-2004:894",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000894"
},
{
"name": "shadow-pwdcheck-modify-account(17902)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17902"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13028",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13028"
},
{
"name": "DSA-585",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-585"
},
{
"name": "CLA-2004:894",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000894"
},
{
"name": "shadow-pwdcheck-modify-account(17902)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17902"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1001",
"datePublished": "2004-11-04T05:00:00.000Z",
"dateReserved": "2004-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:38:59.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20002 (GCVE-0-2017-20002)
Vulnerability from nvd – Published: 2021-03-17 06:00 – Updated: 2024-08-05 21:45
VLAI
Summary
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_MISC |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:24.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877374"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914957"
},
{
"name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2596-1] shadow security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM\u0027s nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T03:57:29.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877374"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914957"
},
{
"name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2596-1] shadow security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-20002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM\u0027s nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877374",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877374"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914957",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914957"
},
{
"name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2596-1] shadow security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-20002",
"datePublished": "2021-03-17T06:00:09.000Z",
"dateReserved": "2021-03-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:45:24.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4235 (GCVE-0-2013-4235)
Vulnerability from nvd – Published: 2019-12-03 00:00 – Updated: 2024-08-06 16:38
VLAI
Summary
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Severity
No CVSS data available.
CWE
- race conditions by copying and removing directory trees
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4235"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4235"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"name": "GLSA-202210-26",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "shadow",
"vendor": "shadow",
"versions": [
{
"status": "affected",
"version": "1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "race conditions by copying and removing directory trees",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4235"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-4235"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"name": "GLSA-202210-26",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-26"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4235",
"datePublished": "2019-12-03T00:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:38:01.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4890 (GCVE-0-2005-4890)
Vulnerability from nvd – Published: 2019-11-04 18:38 – Updated: 2024-08-08 00:01
VLAI
Summary
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.
Severity
No CVSS data available.
CWE
- tty hijacking possible in "su" via TIOCSTI ioctl
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2014/12/15/5 | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2005-4890 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/11/06/8 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2013/05/20/3 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2013/1… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2013/11/29/5 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/10/20/9 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/10/21/1 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2016/02/25/6 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/15/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2005-4890"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2005-4890"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2005-4890"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/06/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/20/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/28/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/29/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/10/20/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/10/21/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/25/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "shadow",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "4.x before 4.1.5"
}
]
},
{
"product": "sudo",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "1.x before 1.7.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via \"su - user -c program\". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tty hijacking possible in \"su\" via TIOCSTI ioctl",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T18:38:09.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/15/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2005-4890"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2005-4890"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2005-4890"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/06/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/20/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/28/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/29/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/10/20/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/10/21/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/25/6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-4890",
"datePublished": "2019-11-04T18:38:09.000Z",
"dateReserved": "2011-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:01:23.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0721 (GCVE-0-2011-0721)
Vulnerability from nvd – Published: 2011-02-18 23:00 – Updated: 2024-08-06 22:05
VLAI
Summary
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2011/0398 | vdb-entryx_refsource_VUPEN |
| http://www.vupen.com/english/advisories/2011/0773 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/43345 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2011/dsa-2164 | vendor-advisoryx_refsource_DEBIAN |
| http://www.ubuntu.com/usn/USN-1065-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.vupen.com/english/advisories/2011/0396 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/70895 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/46426 | vdb-entryx_refsource_BID |
| http://slackware.com/security/viewer.php?l=slackw… | vendor-advisoryx_refsource_SLACKWARE |
| http://secunia.com/advisories/42505 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2011-02-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:53.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-0398",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0398"
},
{
"name": "ADV-2011-0773",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0773"
},
{
"name": "43345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43345"
},
{
"name": "DSA-2164",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2164"
},
{
"name": "USN-1065-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1065-1"
},
{
"name": "ADV-2011-0396",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0396"
},
{
"name": "shadow-chfnchsh-crlf-injection(65564)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65564"
},
{
"name": "70895",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70895"
},
{
"name": "46426",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46426"
},
{
"name": "SSA:2011-086-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.380014"
},
{
"name": "42505",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "ADV-2011-0398",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0398"
},
{
"name": "ADV-2011-0773",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0773"
},
{
"name": "43345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43345"
},
{
"name": "DSA-2164",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2164"
},
{
"name": "USN-1065-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1065-1"
},
{
"name": "ADV-2011-0396",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0396"
},
{
"name": "shadow-chfnchsh-crlf-injection(65564)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65564"
},
{
"name": "70895",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70895"
},
{
"name": "46426",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46426"
},
{
"name": "SSA:2011-086-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.380014"
},
{
"name": "42505",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42505"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-0721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0398",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0398"
},
{
"name": "ADV-2011-0773",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0773"
},
{
"name": "43345",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43345"
},
{
"name": "DSA-2164",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2164"
},
{
"name": "USN-1065-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1065-1"
},
{
"name": "ADV-2011-0396",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0396"
},
{
"name": "shadow-chfnchsh-crlf-injection(65564)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65564"
},
{
"name": "70895",
"refsource": "OSVDB",
"url": "http://osvdb.org/70895"
},
{
"name": "46426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46426"
},
{
"name": "SSA:2011-086-03",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.380014"
},
{
"name": "42505",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42505"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-0721",
"datePublished": "2011-02-18T23:00:00.000Z",
"dateReserved": "2011-02-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:53.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5394 (GCVE-0-2008-5394)
Vulnerability from nvd – Published: 2008-12-09 00:00 – Updated: 2024-08-07 10:49
VLAI
Summary
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://osvdb.org/52200 | vdb-entryx_refsource_OSVDB |
| http://bugs.debian.org/505271 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/32552 | vdb-entryx_refsource_BID |
| http://bugs.debian.org/332198 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://security.gentoo.org/glsa/glsa-200903-24.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.securityfocus.com/archive/1/498769/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/7313 | exploitx_refsource_EXPLOIT-DB |
| http://securityreason.com/securityalert/4695 | third-party-advisoryx_refsource_SREASON |
| http://bugs.debian.org/505071 | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/usn-695-1 | vendor-advisoryx_refsource_UBUNTU |
Date Public
2008-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52200",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52200"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/505271"
},
{
"name": "32552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32552"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/332198"
},
{
"name": "debian-login-symlink(47037)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47037"
},
{
"name": "GLSA-200903-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-24.xml"
},
{
"name": "MDVSA-2009:062",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:062"
},
{
"name": "20081130 /bin/login gives root to group utmp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498769/100/0/threaded"
},
{
"name": "7313",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7313"
},
{
"name": "4695",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4695"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/505071"
},
{
"name": "USN-695-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-695-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "52200",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52200"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/505271"
},
{
"name": "32552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32552"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/332198"
},
{
"name": "debian-login-symlink(47037)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47037"
},
{
"name": "GLSA-200903-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-24.xml"
},
{
"name": "MDVSA-2009:062",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:062"
},
{
"name": "20081130 /bin/login gives root to group utmp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498769/100/0/threaded"
},
{
"name": "7313",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7313"
},
{
"name": "4695",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4695"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/505071"
},
{
"name": "USN-695-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-695-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52200",
"refsource": "OSVDB",
"url": "http://osvdb.org/52200"
},
{
"name": "http://bugs.debian.org/505271",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/505271"
},
{
"name": "32552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32552"
},
{
"name": "http://bugs.debian.org/332198",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/332198"
},
{
"name": "debian-login-symlink(47037)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47037"
},
{
"name": "GLSA-200903-24",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200903-24.xml"
},
{
"name": "MDVSA-2009:062",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:062"
},
{
"name": "20081130 /bin/login gives root to group utmp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498769/100/0/threaded"
},
{
"name": "7313",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7313"
},
{
"name": "4695",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4695"
},
{
"name": "http://bugs.debian.org/505071",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/505071"
},
{
"name": "USN-695-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-695-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5394",
"datePublished": "2008-12-09T00:00:00.000Z",
"dateReserved": "2008-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:49:12.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1174 (GCVE-0-2006-1174)
Vulnerability from nvd – Published: 2006-05-28 23:00 – Updated: 2024-08-07 17:03
VLAI
Summary
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
26 references
Date Public
2006-05-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25098"
},
{
"name": "25894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25894"
},
{
"name": "RHSA-2007:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0431.html"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "25267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25267"
},
{
"name": "RHSA-2007:0276",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0276.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm"
},
{
"name": "18111",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18111"
},
{
"name": "1018221",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018221"
},
{
"name": "25629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.pld.org.pl/shadow/NEWS?rev=1.109"
},
{
"name": "shadow-utils-useradd-file-permission(26958)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26958"
},
{
"name": "VU#312692",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/312692"
},
{
"name": "GLSA-200606-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml"
},
{
"name": "25896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25896"
},
{
"name": "20070511 rPSA-2007-0096-1 shadow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/468336/100/0/threaded"
},
{
"name": "MDKSA-2006:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:090"
},
{
"name": "oval:org.mitre.oval:def:10807",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10807"
},
{
"name": "26909",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26909"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27706"
},
{
"name": "ADV-2006-2006",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1357"
},
{
"name": "20506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20506"
},
{
"name": "20370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20370"
},
{
"name": "20070602-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25098"
},
{
"name": "25894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25894"
},
{
"name": "RHSA-2007:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0431.html"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "25267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25267"
},
{
"name": "RHSA-2007:0276",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0276.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm"
},
{
"name": "18111",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18111"
},
{
"name": "1018221",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018221"
},
{
"name": "25629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.pld.org.pl/shadow/NEWS?rev=1.109"
},
{
"name": "shadow-utils-useradd-file-permission(26958)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26958"
},
{
"name": "VU#312692",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/312692"
},
{
"name": "GLSA-200606-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml"
},
{
"name": "25896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25896"
},
{
"name": "20070511 rPSA-2007-0096-1 shadow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/468336/100/0/threaded"
},
{
"name": "MDKSA-2006:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:090"
},
{
"name": "oval:org.mitre.oval:def:10807",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10807"
},
{
"name": "26909",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26909"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27706"
},
{
"name": "ADV-2006-2006",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1357"
},
{
"name": "20506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20506"
},
{
"name": "20370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20370"
},
{
"name": "20070602-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2006-1174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25098"
},
{
"name": "25894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25894"
},
{
"name": "RHSA-2007:0431",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0431.html"
},
{
"name": "ADV-2007-3229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "25267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25267"
},
{
"name": "RHSA-2007:0276",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0276.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm"
},
{
"name": "18111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18111"
},
{
"name": "1018221",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018221"
},
{
"name": "25629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25629"
},
{
"name": "http://cvs.pld.org.pl/shadow/NEWS?rev=1.109",
"refsource": "CONFIRM",
"url": "http://cvs.pld.org.pl/shadow/NEWS?rev=1.109"
},
{
"name": "shadow-utils-useradd-file-permission(26958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26958"
},
{
"name": "VU#312692",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/312692"
},
{
"name": "GLSA-200606-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml"
},
{
"name": "25896",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25896"
},
{
"name": "20070511 rPSA-2007-0096-1 shadow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/468336/100/0/threaded"
},
{
"name": "MDKSA-2006:090",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:090"
},
{
"name": "oval:org.mitre.oval:def:10807",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10807"
},
{
"name": "26909",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26909"
},
{
"name": "27706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27706"
},
{
"name": "ADV-2006-2006",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2006"
},
{
"name": "https://issues.rpath.com/browse/RPL-1357",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1357"
},
{
"name": "20506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20506"
},
{
"name": "20370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20370"
},
{
"name": "20070602-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2006-1174",
"datePublished": "2006-05-28T23:00:00.000Z",
"dateReserved": "2006-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:03:28.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1844 (GCVE-0-2006-1844)
Vulnerability from nvd – Published: 2006-04-19 16:00 – Updated: 2024-09-16 16:19
VLAI
Summary
The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939 | x_refsource_CONFIRM |
| http://www.osvdb.org/23922 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/19170 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939"
},
{
"name": "23922",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23922"
},
{
"name": "19170",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19170"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-04-19T16:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939"
},
{
"name": "23922",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23922"
},
{
"name": "19170",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19170"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939"
},
{
"name": "23922",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23922"
},
{
"name": "19170",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19170"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1844",
"datePublished": "2006-04-19T16:00:00.000Z",
"dateReserved": "2006-04-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:19:03.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1001 (GCVE-0-2004-1001)
Vulnerability from nvd – Published: 2004-11-04 05:00 – Updated: 2024-08-08 00:38
VLAI
Summary
Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/13028 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2004/dsa-585 | vendor-advisoryx_refsource_DEBIAN |
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2004-10-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:38:59.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "13028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13028"
},
{
"name": "DSA-585",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-585"
},
{
"name": "CLA-2004:894",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000894"
},
{
"name": "shadow-pwdcheck-modify-account(17902)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17902"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "13028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13028"
},
{
"name": "DSA-585",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-585"
},
{
"name": "CLA-2004:894",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000894"
},
{
"name": "shadow-pwdcheck-modify-account(17902)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17902"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13028",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13028"
},
{
"name": "DSA-585",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-585"
},
{
"name": "CLA-2004:894",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000894"
},
{
"name": "shadow-pwdcheck-modify-account(17902)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17902"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1001",
"datePublished": "2004-11-04T05:00:00.000Z",
"dateReserved": "2004-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:38:59.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}