CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16110
https://notcve.org/view.php?id=CVE-2019-16110
The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream. El protocolo de red de Blade Shadow, versiones hasta la versión 2.13.3, permite a los atacantes remotos tomar el control de una instancia Shadow y ejecutar código arbitrario solo conociendo la dirección IP de la víctima, porque los datos del paquete pueden ser inyectados en el flujo de paquetes UDP no cifrados. • https://sigint.sh/#/cve-2019-16110 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2005-4890
https://notcve.org/view.php?id=CVE-2005-4890
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. Se presenta un posible secuestro de tty en shadow versiones 4.x anteriores a 4.1.5 y sudo versiones 1.x anteriores a 1.7.4 por medio de "su - user -c program". La sesión de usuario puede ser escapada a la sesión principal mediante el uso de la ioctl TIOCSTI para insertar caracteres en el búfer de entrada para ser leídos por el siguiente proceso. • http://www.openwall.com/lists/oss-security/2012/11/06/8 http://www.openwall.com/lists/oss-security/2013/05/20/3 http://www.openwall.com/lists/oss-security/2013/11/28/10 http://www.openwall.com/lists/oss-security/2013/11/29/5 http://www.openwall.com/lists/oss-security/2014/10/20/9 http://www.openwall.com/lists/oss-security/2014/10/21/1 http://www.openwall.com/lists/oss-security/2014/12/15/5 http://www.openwall.com/lists/oss-security/201 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16588
https://notcve.org/view.php?id=CVE-2018-16588
Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected. Puede ocurrir un escalado de privilegios en el código SUSE useradd en useradd.c, tal y como se distribuye en el paquete SUSE shadow hasta la versión 4.2.1-27.9.1 para SUSE Linux Enterprise 12 (SLE-12) y hasta la versión 4.5-5.39 para SUSE Linux Enterprise 15 (SLE-15). • http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00073.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-12424
https://notcve.org/view.php?id=CVE-2017-12424
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. En las versiones de Shadow anteriores a la 4.5, la herramienta newusers podría utilizarse para manipular estructuras de datos internas de formas no permitidas por los desarrolladores. Las entradas manipuladas podrían llevar a caídas (con un desbordamiento de búfer u otros tipos de corrupción de memoria) o a otro tipo de comportamiento sin especificar. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675 https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952 https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html https://security.gentoo.org/glsa/201710-16 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2011-0721
https://notcve.org/view.php?id=CVE-2011-0721
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field. Múltiples vulnerabilidades de inyección CRLF en (1) chfn y (2) chsh sobre shadow 1:4.1.4 permiten agregar nuevos usuarios o grupos a /etc/passwd a los usuarios locales a través del campo GECOS. • http://osvdb.org/70895 http://secunia.com/advisories/42505 http://secunia.com/advisories/43345 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.380014 http://www.debian.org/security/2011/dsa-2164 http://www.securityfocus.com/bid/46426 http://www.ubuntu.com/usn/USN-1065-1 http://www.vupen.com/english/advisories/2011/0396 http://www.vupen.com/english/advisories/2011/0398 http://www.vupen.com/english/advisories/2011/0773 https:& • CWE-20: Improper Input Validation •