Search for packages
| purl | pkg:deb/debian/shadow@1:4.0.18.1-7 |
| Next non-vulnerable version | 1:4.13+dfsg1-1+deb12u2 |
| Latest non-vulnerable version | 1:4.13+dfsg1-1+deb12u2 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2b4p-nehx-eyae
Aliases: CVE-2005-4890 |
coreutils: tty hijacking possible in "su" via TIOCSTI ioctl |
Affected by 9 other vulnerabilities. |
|
VCID-3wz1-hz4q-rqh5
Aliases: CVE-2008-5394 |
An insecure temporary file usage in Shadow may allow local users to gain root privileges. |
Affected by 11 other vulnerabilities. |
|
VCID-74yx-3zfw-w7f2
Aliases: CVE-2018-7169 |
A vulnerability found in Shadow may allow local attackers to bypass security restrictions. |
Affected by 3 other vulnerabilities. |
|
VCID-a5ny-vcsw-uqh1
Aliases: (+ CVE-2017-2616 fix) regression |
Multiple vulnerabilities have been found in Shadow, the worst of which might allow privilege escalation. |
Affected by 8 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-bcx3-q456-w7ad
Aliases: CVE-2023-4641 |
shadow-utils: possible password leak during passwd(1) change |
Affected by 0 other vulnerabilities. |
|
VCID-cabd-74q6-kug2
Aliases: CVE-2017-20002 |
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. |
Affected by 4 other vulnerabilities. |
|
VCID-m3za-mkkw-p7e2
Aliases: CVE-2023-29383 |
shadow: Improper input validation in shadow-utils package utility chfn |
Affected by 0 other vulnerabilities. |
|
VCID-m4sf-znhe-gubc
Aliases: CVE-2017-12424 |
A vulnerability found in Shadow may allow remote attackers to cause a Denial of Service condition or produce other unspecified behaviors. |
Affected by 4 other vulnerabilities. |
|
VCID-mp2r-dfng-27ew
Aliases: DSA-3793-2 shadow |
regression update |
Affected by 8 other vulnerabilities. |
|
VCID-r9a4-2dw5-4bgq
Aliases: CVE-2019-19882 |
Multiple Shadow utilities were installed with setuid permissions, allowing possible root privilege escalation. |
Affected by 3 other vulnerabilities. |
|
VCID-ueu4-n6bt-xfat
Aliases: CVE-2016-6252 |
Multiple vulnerabilities have been found in Shadow, the worst of which might allow privilege escalation. |
Affected by 8 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-zbq9-jt94-ckhd
Aliases: CVE-2011-0721 |
This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information. |
Affected by 9 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2bqp-dcbv-9yer | passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits. |
CVE-2006-3378
|
| VCID-gzq6-6n1d-jyd7 | The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges. |
CVE-2006-1844
|
| VCID-jbed-4gsv-xkhu | A security issue in shadow allows a local user to perform certain actions with escalated privileges. |
CVE-2006-1174
|
| VCID-m7wk-m2nu-abgf | The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption). |
CVE-2006-1376
|
| VCID-z4em-vwpw-efd7 | Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled. |
CVE-2004-1001
|