CVE-2011-0721
Published: 15 February 2011
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
From the Ubuntu Security Team
Kees Cook discovered that some shadow utilities did not correctly validate user input. A local attacker could exploit this flaw to inject newlines into the /etc/passwd file. If the system was configured to use NIS, this could lead to existing NIS groups or users gaining or losing access to the system, resulting in a denial of service or unauthorized access.
Notes
Author | Note |
---|---|
kees | introduce in the upstream 4.1.2 changes https://alioth.debian.org/scm/viewvc.php?view=rev&root=pkg-shadow&revision=1978 |