CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-20002
https://notcve.org/view.php?id=CVE-2017-20002
17 Mar 2021 — The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. El paquete shadow de Debian versiones anteriore... • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877374 • CWE-269: Improper Privilege Management •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2013-4235 – Ubuntu Security Notice USN-5745-1
https://notcve.org/view.php?id=CVE-2013-4235
03 Dec 2019 — shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees shadow: condición de carrera TOCTOU (de tiempo de comprobación y tiempo de uso) cuando se copia y elimina árboles de directorio. Florian Weimer discovered that shadow was not properly copying and removing user directory trees, which could lead to a race condition. A local attacker could possibly use this issue to setup a symlink attack and alter or remove directories without authorization. • https://access.redhat.com/security/cve/cve-2013-4235 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2005-4890
https://notcve.org/view.php?id=CVE-2005-4890
04 Nov 2019 — There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. Se presenta un posible secuestro de tty en shadow versiones 4.x anteriores a 4.1.5 y sudo versiones 1.x anteriores a 1.7.4 por medio de "su - user -c program". La sesión de usuario puede ser escapada a la sesión principal mediante el uso de la... • http://www.openwall.com/lists/oss-security/2012/11/06/8 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-12424 – Ubuntu Security Notice USN-5254-1
https://notcve.org/view.php?id=CVE-2017-12424
04 Aug 2017 — In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. En las versiones de Shadow anteriores a la 4.5, la herramienta newusers podría utilizarse para m... • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2011-0721 – Gentoo Linux Security Advisory 201412-09
https://notcve.org/view.php?id=CVE-2011-0721
18 Feb 2011 — Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field. Múltiples vulnerabilidades de inyección CRLF en (1) chfn y (2) chsh sobre shadow 1:4.1.4 permiten agregar nuevos usuarios o grupos a /etc/passwd a los usuarios locales a través del campo GECOS. This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vul... • http://osvdb.org/70895 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2008-5394 – Debian - Symlink In Login Arbitrary File Ownership
https://notcve.org/view.php?id=CVE-2008-5394
09 Dec 2008 — /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry. /bin/login en shadow 4.0.18.1 en Debian GNU/Linux, y probablemente otras distribuciones de Linux, permiten a los usuarios locales en el el grupo utmp sobrescribir arbitrariamente archivos a través de un ataque de enlace simbólico en un archivo temporal ref... • https://www.exploit-db.com/exploits/7313 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2006-1174
https://notcve.org/view.php?id=CVE-2006-1174
28 May 2006 — useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-1844
https://notcve.org/view.php?id=CVE-2006-1844
19 Apr 2006 — The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2004-1001
https://notcve.org/view.php?id=CVE-2004-1001
04 Nov 2004 — Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000894 •