CVE-2004-1001
published 2005-03-01CVE-2004-1001: Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized…
medium4.6CVSS 3.1
AVLACLAuNCPIPAP
Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | shadow | < shadow 1:4.0.3-35 (bookworm) | shadow 1:4.0.3-35 (bookworm) |
| debian | shadow | — | — |
| shadow_project | shadow | >= 0 < 1:4.0.3-35 | 1:4.0.3-35 |
| shadow_project | shadow | >= 0 < 1:4.0.3-35 | 1:4.0.3-35 |
| shadow_project | shadow | >= 0 < 1:4.0.3-35 | 1:4.0.3-35 |
| shadow_project | shadow | >= 0 < 1:4.0.3-35 | 1:4.0.3-35 |
CVSS provenance
nvd4.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM