CVE-2004-1001

7 documents7 sources

Severity

4.6MEDIUM

EPSS

0.1%

top 76.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Shadow

Timeline

PublishedMar 1

Latest updateApr 29

Description

Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶Debianshadow< 1:4.0.3-35+3

▶NVDdebian/shadow4.0.4.1

🔴Vulnerability Details

GHSA

GHSA-5j45-g3wc-p66h: Unknown vulnerability in the passwd_check function in Shadow 4↗2022-04-29

▶

OSV

CVE-2004-1001: Unknown vulnerability in the passwd_check function in Shadow 4↗2005-03-01

▶

CVEList

CVE-2004-1001: Unknown vulnerability in the passwd_check function in Shadow 4↗2004-11-04

▶

💥Exploits & PoCs

Exploit-DB

Medal of Honor Spearhead (Linux) - Server Remote Buffer Overflow↗2005-02-18

▶

📋Vendor Advisories

Ubuntu

passwd vulnerability↗2004-11-05

▶

Debian

CVE-2004-1001: shadow - Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possib...↗2004

▶