| purl | pkg:deb/debian/shadow@1:4.5-1.1 |
| Next non-vulnerable version | 1:4.13+dfsg1-1+deb12u2 |
| Latest non-vulnerable version | 1:4.13+dfsg1-1+deb12u2 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-74yx-3zfw-w7f2 (Aliases: CVE-2018-7169) | A vulnerability found in Shadow may allow local attackers to bypass security restrictions. | Affected by 3 other vulnerabilities. |
| VCID-bcx3-q456-w7ad (Aliases: CVE-2023-4641) | shadow-utils: possible password leak during passwd(1) change | Affected by 0 other vulnerabilities. |
| VCID-m3za-mkkw-p7e2 (Aliases: CVE-2023-29383) | shadow: Improper input validation in shadow-utils package utility chfn | Affected by 0 other vulnerabilities. |
| VCID-r9a4-2dw5-4bgq (Aliases: CVE-2019-19882) | Multiple Shadow utilities were installed with setuid permissions, allowing possible root privilege escalation. | Affected by 3 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-cabd-74q6-kug2 | The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. | CVE-2017-20002 |
| VCID-m4sf-znhe-gubc | A vulnerability found in Shadow may allow remote attackers to cause a Denial of Service condition or produce other unspecified behaviors. | CVE-2017-12424 |