Product:

Shadow

(Debian)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 3
Date ID Summary Products Score Patch
2019-11-04 CVE-2005-4890 There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. Debian_linux, Shadow, Enterprise_linux, Sudo N/A
2011-02-19 CVE-2011-0721 Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field. Shadow N/A
2008-12-08 CVE-2008-5394 /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry. Shadow N/A