CVE-2017-12424
https://notcve.org/view.php?id=CVE-2017-12424
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630
• https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675
• https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952
• https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html
• https://security.gentoo.org/glsa/201710-16
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2016-6252
https://notcve.org/view.php?id=CVE-2016-6252
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.
• http://www.debian.org/security/2017/dsa-3793
• http://www.openwall.com/lists/oss-security/2016/07/19/6
• http://www.openwall.com/lists/oss-security/2016/07/19/7
• http://www.openwall.com/lists/oss-security/2016/07/20/2
• http://www.openwall.com/lists/oss-security/2016/07/25/7
• http://www.securityfocus.com/bid/92055
• https://bugzilla.suse.com/show_bug.cgi?id=979282
• https://github.com/shadow-maint/shadow/issues/27
• https://security.gentoo.org/glsa/201706-02
• CWE-190: Integer Overflow or Wraparound

CVE-2011-0721
https://notcve.org/view.php?id=CVE-2011-0721
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
• http://osvdb.org/70895
• http://secunia.com/advisories/42505
• http://secunia.com/advisories/43345
• http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.380014
• http://www.debian.org/security/2011/dsa-2164
• http://www.securityfocus.com/bid/46426
• http://www.ubuntu.com/usn/USN-1065-1
• http://www.vupen.com/english/advisories/2011/0396
• http://www.vupen.com/english/advisories/2011/0398
• http://www.vupen.com/english/advisories/2011/0773
• https:&
• CWE-20: Improper Input Validation

CVE-2008-5394 – Debian - Symlink In Login Arbitrary File Ownership
https://notcve.org/view.php?id=CVE-2008-5394
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.
• https://www.exploit-db.com/exploits/7313
• http://bugs.debian.org/332198
• http://bugs.debian.org/505071
• http://bugs.debian.org/505271
• http://osvdb.org/52200
• http://security.gentoo.org/glsa/glsa-200903-24.xml
• http://securityreason.com/securityalert/4695
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:062
• http://www.securityfocus.com/archive/1/498769/100/0/threaded
• http://www.securityfocus.com/bid/32552
• http://www.ubuntu.com/usn/usn-695-1
• https://
• CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2006-1174
https://notcve.org/view.php?id=CVE-2006-1174
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.
• ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
• http://cvs.pld.org.pl/shadow/NEWS?rev=1.109
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
• http://secunia.com/advisories/20370
• http://secunia.com/advisories/20506
• http://secunia.com/advisories/25098
• http://secunia.com/advisories/25267
• http://secunia.com/advisories/25629
• http://secunia.com/advisories/25894
• http://secunia.com/advisories/25896
• http://secunia.com/advisories
• CWE-264: Permissions, Privileges, and Access Controls