This might be proprietary software.
|2019-11-04||CVE-2005-4890||There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.||Debian_linux, Shadow, Enterprise_linux, Sudo||N/A|
|2006-04-19||CVE-2006-1844||The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.||Base\-Config, Shadow||N/A|
|2006-05-28||CVE-2006-1174||useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.||Shadow||N/A|
|2005-03-01||CVE-2004-1001||Unknown vulnerability in the passwd_check function in Shadow 18.104.22.168, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.||Shadow||N/A|
|2019-12-03||CVE-2013-4235||shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees||Debian_linux, Shadow, Fedora, Enterprise_linux||N/A|
|2011-02-19||CVE-2011-0721||Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.||Shadow||N/A|
|2008-12-08||CVE-2008-5394||/bin/login in shadow 22.214.171.124 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.||Shadow||N/A|