Shadow Project Shadow vulnerabilities

17 known vulnerabilities affecting shadow_project/shadow.

Total CVEs: 17
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 6, LOW 4

Vulnerabilities

CVE-2023-4641 | MEDIUM | CVSS 5.5 | ≥ 0, < 1:4.8.1-1+deb11u1; ≥ 0, < 1:4.13+dfsg1-1+deb12u1; +1 more | 2023-12-27
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.
Source: osv
CVE-2023-29383 | LOW | CVSS 3.3 | CWE-74 | v4.13 | 2023-04-14
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to
Sources: nvd, osv
CVE-2017-20002 | HIGH | CVSS 7.8 | ≥ 0, < 1:4.5-1 | 2021-03-17
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing
Source: osv
CVE-2019-19882 | HIGH | CVSS 7.8 | CWE-732 | v4.8 | 2019-12-18
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable f
Sources: nvd, osv
CVE-2013-4235 | MEDIUM | CVSS 4.7 | ≥ 0, < 1:4.12.3+dfsg1-1 | 2019-12-03
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Source: osv
CVE-2005-4890 | HIGH | CVSS 7.8 | ≥ 0, < 1:4.1.5-1 | 2019-11-04
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.
Source: osv
CVE-2017-2616 | MEDIUM | CVSS 4.7 | ≥ 0, < 1:4.4-4 | 2018-07-27
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.
Source: osv
CVE-2018-7169 | MEDIUM | CVSS 5.3 | CWE-732 | v4.5 | 2018-02-15
An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.
Sources: nvd, osv
CVE-2017-12424 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 4.5 | 2017-08-04
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Contro
Sources: nvd, osv
CVE-2016-6252 | HIGH | CVSS 7.8 | CWE-190 | v4.2.1 | 2017-02-17
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.
Sources: nvd, osv
CVE-2011-0721 | MEDIUM | CVSS 6.4 | ≥ 0, < 1:4.1.4.2+svn3283-3 | 2011-02-19
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
Source: osv
CVE-2008-5394 | HIGH | CVSS 7.2 | PoC | ≥ 0, < 1:4.1.1-6 | 2008-12-09
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.
Source: osv
CVE-2006-3378 | HIGH | CVSS 7.2 | ≥ 0, < 1:4.0.14-1 | 2006-07-06
passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.
Source: osv
CVE-2006-1174 | LOW | CVSS 3.7 | ≥ 0, < 1:4.0.15-10 | 2006-05-28
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.
Source: osv
CVE-2006-1844 | LOW | CVSS 2.1 | ≥ 0, < 1:4.0.14-9 | 2006-04-19
The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.
Source: osv
CVE-2006-1376 | LOW | CVSS 2.1 | ≥ 0, < 1:4.0.14-9 | 2006-03-24
The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption).
Source: osv
CVE-2004-1001 | MEDIUM | CVSS 4.6 | ≥ 0, < 1:4.0.3-35 | 2005-03-01
Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.
Source: osv