Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
References
Configurations
History
21 Nov 2024, 01:24
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/70895 - | |
References | () http://secunia.com/advisories/42505 - Vendor Advisory | |
References | () http://secunia.com/advisories/43345 - Vendor Advisory | |
References | () http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.380014 - | |
References | () http://www.debian.org/security/2011/dsa-2164 - | |
References | () http://www.securityfocus.com/bid/46426 - | |
References | () http://www.ubuntu.com/usn/USN-1065-1 - | |
References | () http://www.vupen.com/english/advisories/2011/0396 - Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2011/0398 - Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2011/0773 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/65564 - |
Information
Published : 2011-02-19 01:00
Updated : 2024-11-21 01:24
NVD link : CVE-2011-0721
Mitre link : CVE-2011-0721
CVE.ORG link : CVE-2011-0721
JSON object : View
Products Affected
debian
- shadow
CWE
CWE-20
Improper Input Validation