CVE-2017-20002

CWE-269Improper Privilege Management6 documents6 sources
Severity
7.8HIGH
EPSS
0.1%
top 83.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Debian LinuxDebian Shadow
Timeline
PublishedMar 17
Latest updateMay 24

Description

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDdebian/shadow4.4
Debianshadow< 1:4.5-1+3

Also affects: Debian Linux 9.0

🔴Vulnerability Details

3
GHSA
GHSA-2m59-rw4g-9g7x: The Debian shadow package before 42022-05-24
CVEList
CVE-2017-20002: The Debian shadow package before 1:42021-03-17
OSV
CVE-2017-20002: The Debian shadow package before 1:42021-03-17

💥Exploits & PoCs

1
Exploit-DB
Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC)2017-02-26

📋Vendor Advisories

1
Debian
CVE-2017-20002: shadow - The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and ...2017
CVE-2017-20002 (HIGH CVSS 7.8) | The Debian shadow package before 1: | cvebase.io