| 0 |
| url |
VCID-1825-pyg3-judq |
| vulnerability_id |
VCID-1825-pyg3-judq |
| summary |
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2005-4890
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1825-pyg3-judq |
|
| 1 |
| url |
VCID-asyx-dsrh-jucv |
| vulnerability_id |
VCID-asyx-dsrh-jucv |
| summary |
Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2004-1001
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-asyx-dsrh-jucv |
|
| 2 |
|
| 3 |
|
| 4 |
| url |
VCID-fwpa-4fjf-cyck |
| vulnerability_id |
VCID-fwpa-4fjf-cyck |
| summary |
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2008-5394
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fwpa-4fjf-cyck |
|
| 5 |
|
| 6 |
| url |
VCID-m5g8-vygv-k7h8 |
| vulnerability_id |
VCID-m5g8-vygv-k7h8 |
| summary |
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-12424
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m5g8-vygv-k7h8 |
|
| 7 |
| url |
VCID-ne69-w9my-h3b5 |
| vulnerability_id |
VCID-ne69-w9my-h3b5 |
| summary |
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2006-1174
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ne69-w9my-h3b5 |
|
| 8 |
|
| 9 |
| url |
VCID-pvaf-2w8m-dqh6 |
| vulnerability_id |
VCID-pvaf-2w8m-dqh6 |
| summary |
The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2006-1844
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pvaf-2w8m-dqh6 |
|
| 10 |
| url |
VCID-rzku-j388-8uac |
| vulnerability_id |
VCID-rzku-j388-8uac |
| summary |
An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-7169
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rzku-j388-8uac |
|
| 11 |
| url |
VCID-u81v-k8sa-37dy |
| vulnerability_id |
VCID-u81v-k8sa-37dy |
| summary |
The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption). |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2006-1376
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u81v-k8sa-37dy |
|
| 12 |
|
| 13 |
| url |
VCID-xfeg-m5k9-zbb7 |
| vulnerability_id |
VCID-xfeg-m5k9-zbb7 |
| summary |
passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2006-3378
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xfeg-m5k9-zbb7 |
|
| 14 |
|
| 15 |
| url |
VCID-yb5x-m5sw-6fga |
| vulnerability_id |
VCID-yb5x-m5sw-6fga |
| summary |
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. |
| references |
|
| fixed_packages |
|
| aliases |
(+, CVE-2017-2616, fix), regression
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yb5x-m5sw-6fga |
|
| 16 |
| url |
VCID-zcvg-7dvz-tue9 |
| vulnerability_id |
VCID-zcvg-7dvz-tue9 |
| summary |
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-20002
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zcvg-7dvz-tue9 |
|