CRLF Injection Vulnerabilities in Shadow by The Shadow Project
CVE-2011-0721

Currently unrated

Key Information:

Vendor: Debian
Status: Shadow
Vendor: CVE Published:; 19 February 2011

What is CVE-2011-0721?

Multiple CRLF injection vulnerabilities exist in the shadow suite, particularly in the chfn and chsh utilities. These weaknesses enable local users to manipulate the GECOS field, potentially altering the /etc/passwd file. Such actions may allow unauthorized additions of users or groups, compromising the integrity of user account management on the system.

References

http://www.vupen.com/english/advisories/2011/0398

vdb-entryx_refsource_VUPEN

http://www.vupen.com/english/advisories/2011/0773

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/43345

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2011
Vulnerability Reserved
Feb 1, 2011

Debian

What is CVE-2011-0721?

References

Timeline