Search for packages
| purl | pkg:deb/debian/shadow@1:4.13%2Bdfsg1-1%2Bdeb12u1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5u13-xzak-aaac | A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory. |
CVE-2023-4641
|
| VCID-ve96-dzxq-aaak | shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees |
CVE-2013-4235
|
| VCID-wtbj-a4a5-aaan | In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account. |
CVE-2023-29383
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T08:49:19.313130+00:00 | Debian Importer | Fixing | VCID-5u13-xzak-aaac | None | 36.1.3 |
| 2025-06-21T01:17:46.470765+00:00 | Debian Importer | Fixing | VCID-wtbj-a4a5-aaan | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T00:39:40.170598+00:00 | Debian Importer | Fixing | VCID-ve96-dzxq-aaak | None | 36.1.3 |
| 2025-06-20T23:40:49.672385+00:00 | Debian Importer | Fixing | VCID-wtbj-a4a5-aaan | None | 36.1.3 |
| 2025-06-20T23:18:27.706448+00:00 | Debian Importer | Fixing | VCID-ve96-dzxq-aaak | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-20T20:26:53.934729+00:00 | Debian Importer | Fixing | VCID-5u13-xzak-aaac | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-05T14:17:03.187969+00:00 | Debian Importer | Fixing | VCID-5u13-xzak-aaac | https://security-tracker.debian.org/tracker/data/json | 36.1.0 |
| 2025-05-17T22:17:37.967829+00:00 | Debian Importer | Fixing | VCID-ve96-dzxq-aaak | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-05-17T17:01:53.690794+00:00 | Debian Importer | Fixing | VCID-ve96-dzxq-aaak | None | 36.0.0 |
| 2025-05-15T16:43:20.997594+00:00 | Debian Importer | Fixing | VCID-5u13-xzak-aaac | None | 36.0.0 |
| 2025-05-15T07:38:44.356816+00:00 | Debian Importer | Fixing | VCID-wtbj-a4a5-aaan | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-05-15T05:40:19.288279+00:00 | Debian Importer | Fixing | VCID-wtbj-a4a5-aaan | None | 36.0.0 |
| 2025-05-15T01:59:25.871989+00:00 | Debian Importer | Fixing | VCID-5u13-xzak-aaac | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |