CVE-2017-20002

Published: 17 March 2021

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to log in as password-less users even when they are connected by non-physical means such as SSH, bypassing PAM's nullok_secure configuration (which permits an empty password only on terminals listed in /etc/securetty). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.
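The two conditions the description combines (a pseudo-terminal entry in /etc/securetty and an account with an empty shadow password field) can be audited directly. The following Python script is an added example for this page, not part of the advisory or the shadow package; the /etc/securetty and /etc/shadow contents it checks are constructed samples modelled on the affected configuration, and the function names are the author's own.

```python
import re

# Constructed sample of /etc/securetty as shipped by the affected Debian package:
# physical consoles plus the two pseudo-terminal entries the CVE describes.
SAMPLE_SECURETTY = """\
# /etc/securetty: list of terminals on which root is allowed to login.
console
tty1
tty2
ttyS0
# Pseudo-terminals: these are NOT physical and should not be listed.
pts/0
pts/1
"""

# Constructed sample in /etc/shadow format (colon-separated fields).
# An empty second field means "no password"; nullok_secure accepts that
# only when the login terminal appears in /etc/securetty.
SAMPLE_SHADOW = """\
root::18700:0:99999:7:::
daemon:*:18700:0:99999:7:::
alice:$6$saltsalt$hashedhashedhashed:18700:0:99999:7:::
guest::18700:0:99999:7:::
"""

# Matches pseudo-terminal names such as pts/0, pts/12 (no leading /dev/).
PSEUDO_TTY = re.compile(r"^pts/\d+$")


def non_physical_securetty_entries(securetty_text):
    """Return the securetty entries that name pseudo-terminals (pts/N)."""
    found = []
    for raw in securetty_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored by login/PAM
        if PSEUDO_TTY.match(line):
            found.append(line)
    return found


def passwordless_accounts(shadow_text):
    """Return account names whose shadow password field is empty.

    Locked accounts ('*', '!', '!!') are not empty and are not reported.
    """
    accounts = []
    for raw in shadow_text.splitlines():
        if not raw.strip():
            continue
        fields = raw.split(":")
        if len(fields) < 2:
            continue  # malformed line; skip rather than guess
        name, password = fields[0], fields[1]
        if password == "":
            accounts.append(name)
    return accounts


def assess(securetty_text, shadow_text):
    """Combine both checks: exposure requires a pts/N entry AND an empty password."""
    pts = non_physical_securetty_entries(securetty_text)
    empty = passwordless_accounts(shadow_text)
    return {
        "pts_in_securetty": pts,
        "passwordless_accounts": empty,
        "exposed": bool(pts) and bool(empty),
    }


if __name__ == "__main__":
    # Run against the constructed samples; on a real host read /etc/securetty
    # and /etc/shadow (the latter requires root) and pass their contents instead.
    print(assess(SAMPLE_SECURETTY, SAMPLE_SHADOW))
```

The report flags a host only when both conditions hold; removing the pts/N lines from /etc/securetty (or upgrading to a fixed package) clears the first condition, and setting a password on, or locking, the listed accounts clears the second.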

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: shadow (Launchpad, Ubuntu, Debian)

Release                               Status
Upstream                              Released (1:4.5-1)
Ubuntu 20.04 LTS (Focal Fossa)        Not vulnerable
Ubuntu 18.04 LTS (Bionic Beaver)      Not vulnerable (1:4.5-1ubuntu2)
Ubuntu 16.04 ESM (Xenial Xerus)       Not vulnerable (1:4.2-3.1ubuntu5.4)
Ubuntu 14.04 ESM (Trusty Tahr)        Not vulnerable