CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-20002
https://notcve.org/view.php?id=CVE-2017-20002
17 Mar 2021 — The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. El paquete shadow de Debian versiones anteriore... • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877374 • CWE-269: Improper Privilege Management •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0CVE-2019-16110
https://notcve.org/view.php?id=CVE-2019-16110
14 Nov 2019 — The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream. El protocolo de red de Blade Shadow, versiones hasta la versión 2.13.3, permite a los atacantes remotos tomar el control de una instancia Shadow y ejecutar código arbitrario solo conociendo la dirección IP de la víctima, porque los datos del paquete pueden... • https://sigint.sh/#/cve-2019-16110 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2005-4890
https://notcve.org/view.php?id=CVE-2005-4890
04 Nov 2019 — There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. Se presenta un posible secuestro de tty en shadow versiones 4.x anteriores a 4.1.5 y sudo versiones 1.x anteriores a 1.7.4 por medio de "su - user -c program". La sesión de usuario puede ser escapada a la sesión principal mediante el uso de la... • http://www.openwall.com/lists/oss-security/2012/11/06/8 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16588
https://notcve.org/view.php?id=CVE-2018-16588
26 Sep 2018 — Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2... • http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00073.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-12424 – Ubuntu Security Notice USN-5254-1
https://notcve.org/view.php?id=CVE-2017-12424
04 Aug 2017 — In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. En las versiones de Shadow anteriores a la 4.5, la herramienta newusers podría utilizarse para m... • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6252 – Gentoo Linux Security Advisory 201706-02
https://notcve.org/view.php?id=CVE-2016-6252
17 Feb 2017 — Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. Desbordamiento de enteros en shadow 4.2.1 permite a usuarios locales obtener privilegios a través de una entrada manipulada para newuidmap. USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. • http://www.debian.org/security/2017/dsa-3793 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-0721 – Gentoo Linux Security Advisory 201412-09
https://notcve.org/view.php?id=CVE-2011-0721
18 Feb 2011 — Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field. Múltiples vulnerabilidades de inyección CRLF en (1) chfn y (2) chsh sobre shadow 1:4.1.4 permiten agregar nuevos usuarios o grupos a /etc/passwd a los usuarios locales a través del campo GECOS. This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vul... • http://osvdb.org/70895 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2008-5394 – Debian - Symlink In Login Arbitrary File Ownership
https://notcve.org/view.php?id=CVE-2008-5394
09 Dec 2008 — /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry. /bin/login en shadow 4.0.18.1 en Debian GNU/Linux, y probablemente otras distribuciones de Linux, permiten a los usuarios locales en el el grupo utmp sobrescribir arbitrariamente archivos a través de un ataque de enlace simbólico en un archivo temporal ref... • https://www.exploit-db.com/exploits/7313 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.1EPSS: 1%CPEs: 8EXPL: 0CVE-2006-1174
https://notcve.org/view.php?id=CVE-2006-1174
28 May 2006 — useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-1844
https://notcve.org/view.php?id=CVE-2006-1844
19 Apr 2006 — The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939 •