CVE-2017-20002

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.

El paquete shadow de Debian versiones anteriores a 4.5-1 para Shadow, enumera incorrectamente pts/0 y pts/1 como terminales físicos en /etc/securetty. Esto permite a usuarios locales iniciar sesión como usuarios sin contraseña incluso si están conectados por medios no físicos como SSH (por lo tanto, omitiendo una configuración nullok_secure de PAM). Esto afecta notablemente a entornos como las máquinas virtuales generadas automáticamente con una contraseña root en blanco predeterminada, permitiendo a todos los usuarios locales escalar privilegios

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-03-17 CVE Reserved
2021-03-17 CVE Published
2023-03-08 EPSS Updated
2024-08-05 CVE Updated
2024-08-05 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-269: Improper Privilege Management

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914957	2024-08-05

URL	Date	SRC

URL	Date	SRC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877374	2021-06-07
https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html	2021-06-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Debian Search vendor "Debian"		Shadow Search vendor "Debian" for product "Shadow"				4.4 Search vendor "Debian" for product "Shadow" and version "4.4"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected