CVE-2011-0721
published 2011-02-19CVE-2011-0721: Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS…
medium6.4CVSS 3.1
AVNACLAuNCNIPAP
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | shadow | < shadow 1:4.1.4.2+svn3283-3 (bookworm) | shadow 1:4.1.4.2+svn3283-3 (bookworm) |
| debian | shadow | — | — |
| shadow_project | shadow | >= 0 < 1:4.1.4.2+svn3283-3 | 1:4.1.4.2+svn3283-3 |
| shadow_project | shadow | >= 0 < 1:4.1.4.2+svn3283-3 | 1:4.1.4.2+svn3283-3 |
| shadow_project | shadow | >= 0 < 1:4.1.4.2+svn3283-3 | 1:4.1.4.2+svn3283-3 |
| shadow_project | shadow | >= 0 < 1:4.1.4.2+svn3283-3 | 1:4.1.4.2+svn3283-3 |
CVSS provenance
nvd6.4MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:P
osv6.4MEDIUM