| purl | pkg:deb/debian/shadow@1:4.13%2Bdfsg1-1%2Bdeb12u2?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2b4p-nehx-eyae | coreutils: tty hijacking possible in "su" via TIOCSTI ioctl | CVE-2005-4890 |
| VCID-2bqp-dcbv-9yer | passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits. | CVE-2006-3378 |
| VCID-2rhw-3aa1-k3fe | Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument. | CVE-2002-1594 |
| VCID-3wz1-hz4q-rqh5 | An insecure temporary file usage in Shadow may allow local users to gain root privileges. | CVE-2008-5394 |
| VCID-74yx-3zfw-w7f2 | A vulnerability found in Shadow may allow local attackers to bypass security restrictions. | CVE-2018-7169 |
| VCID-a5ny-vcsw-uqh1 | Multiple vulnerabilities have been found in Shadow, the worst of which might allow privilege escalation. | (+ CVE-2017-2616 fix) regression |
| VCID-bcx3-q456-w7ad | shadow-utils: possible password leak during passwd(1) change | CVE-2023-4641 |
| VCID-cabd-74q6-kug2 | The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. | CVE-2017-20002 |
| VCID-gzq6-6n1d-jyd7 | The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges. | CVE-2006-1844 |
| VCID-jbed-4gsv-xkhu | A security issue in shadow allows a local user to perform certain actions with escalated privileges. | CVE-2006-1174 |
| VCID-m3za-mkkw-p7e2 | shadow: Improper input validation in shadow-utils package utility chfn | CVE-2023-29383 |
| VCID-m4sf-znhe-gubc | A vulnerability found in Shadow may allow remote attackers to cause a Denial of Service condition or produce other unspecified behaviors. | CVE-2017-12424 |
| VCID-m7wk-m2nu-abgf | The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption). | CVE-2006-1376 |
| VCID-nx6h-9y1e-2ybh | The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges. | CVE-2006-1183 |
| VCID-r9a4-2dw5-4bgq | Multiple Shadow utilities were installed with setuid permissions, allowing possible root privilege escalation. | CVE-2019-19882 |
| VCID-shuq-ufcc-ruf5 | A TOCTOU race has been discovered in Shadow, which could result in the unauthorized modification of files. | CVE-2013-4235 |
| VCID-ueu4-n6bt-xfat | Multiple vulnerabilities have been found in Shadow, the worst of which might allow privilege escalation. | CVE-2016-6252 |
| VCID-w9fj-dfb7-z3gd | shadow-utils: useradd-mkdirs.patch creates intermediate directories with 0777 | CVE-2018-16588 |
| VCID-y9eh-xkcp-wqcs | passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory. | CVE-2006-3597 |
| VCID-z4em-vwpw-efd7 | Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled. | CVE-2004-1001 |
| VCID-zbq9-jt94-ckhd | This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information. | CVE-2011-0721 |