CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-20002
https://notcve.org/view.php?id=CVE-2017-20002
17 Mar 2021 — The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. El paquete shadow de Debian versiones anteriore... • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877374 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16588
https://notcve.org/view.php?id=CVE-2018-16588
26 Sep 2018 — Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2... • http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00073.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-12424 – Ubuntu Security Notice USN-5254-1
https://notcve.org/view.php?id=CVE-2017-12424
04 Aug 2017 — In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. En las versiones de Shadow anteriores a la 4.5, la herramienta newusers podría utilizarse para m... • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •