Debian Shadow vulnerabilities

CVE-2006-3597 [HIGH] CVE-2006-3597: shadow - passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead... passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved t

CVE-2004-1001 [MEDIUM] CVE-2004-1001: Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions be Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.

CVE-2002-1594 [HIGH] CVE-2002-1594: shadow - Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as re... Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved