CVE-2011-0721

Published: 15 February 2011

Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.

From the Ubuntu security team

Kees Cook discovered that some shadow utilities did not correctly validate user input. A local attacker could exploit this flaw to inject newlines into the /etc/passwd file. If the system was configured to use NIS, this could lead to existing NIS groups or users gaining or losing access to the system, resulting in a denial of service or unauthorized access.

Priority

Medium

Status

Package Release Status
shadow
Launchpad, Ubuntu, Debian
Upstream
Released (4.1.4.3)

Notes

AuthorNote
kees
introduce in the upstream 4.1.2 changes
https://alioth.debian.org/scm/viewvc.php?view=rev&root=pkg-shadow&revision=1978

References