CVE-2011-0721

Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
Configurations

Configuration 1 (hide)

cpe:2.3:a:debian:shadow:1\:4.1.4:*:*:*:*:*:*:*

History

21 Nov 2024, 01:24

Type Values Removed Values Added
References () http://osvdb.org/70895 - () http://osvdb.org/70895 -
References () http://secunia.com/advisories/42505 - Vendor Advisory () http://secunia.com/advisories/42505 - Vendor Advisory
References () http://secunia.com/advisories/43345 - Vendor Advisory () http://secunia.com/advisories/43345 - Vendor Advisory
References () http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.380014 - () http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.380014 -
References () http://www.debian.org/security/2011/dsa-2164 - () http://www.debian.org/security/2011/dsa-2164 -
References () http://www.securityfocus.com/bid/46426 - () http://www.securityfocus.com/bid/46426 -
References () http://www.ubuntu.com/usn/USN-1065-1 - () http://www.ubuntu.com/usn/USN-1065-1 -
References () http://www.vupen.com/english/advisories/2011/0396 - Vendor Advisory () http://www.vupen.com/english/advisories/2011/0396 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2011/0398 - Vendor Advisory () http://www.vupen.com/english/advisories/2011/0398 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2011/0773 - () http://www.vupen.com/english/advisories/2011/0773 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/65564 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/65564 -

Information

Published : 2011-02-19 01:00

Updated : 2024-11-21 01:24


NVD link : CVE-2011-0721

Mitre link : CVE-2011-0721

CVE.ORG link : CVE-2011-0721


JSON object : View

Products Affected

debian

  • shadow
CWE
CWE-20

Improper Input Validation