CRLF Injection Vulnerabilities in Shadow by The Shadow Project
CVE-2011-0721
Currently unrated
Summary
Multiple CRLF injection vulnerabilities exist in the shadow suite, particularly in the chfn and chsh utilities. These weaknesses enable local users to manipulate the GECOS field, potentially altering the /etc/passwd file. Such actions may allow unauthorized additions of users or groups, compromising the integrity of user account management on the system.
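The summary above comes down to a user-supplied value being written into a line-oriented, colon-separated file without rejecting line breaks. The following C sketch is an added example, not code from the shadow suite or its fix. It shows the kind of field check that keeps one GECOS or shell value confined to one field of one record. The function names and sample values are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>

/* Hypothetical helper: return 1 if value fits in a single
 * colon-separated passwd field, 0 otherwise. */
int passwd_field_is_safe(const char *value)
{
    if (value == NULL)
        return 0;
    for (const unsigned char *p = (const unsigned char *)value; *p; p++) {
        /* CR/LF would start a new record; ':' would shift later fields. */
        if (*p == '\r' || *p == '\n' || *p == ':' || iscntrl(*p))
            return 0;
    }
    return 1;
}

/* Hypothetical helper: format one record into out (nothing touches disk).
 * Returns 0 on success, -1 if a field is unsafe or the record is truncated. */
int build_passwd_line(char *out, size_t outlen, const char *name,
                      unsigned uid, unsigned gid, const char *gecos,
                      const char *home, const char *shell)
{
    if (!passwd_field_is_safe(name) || !passwd_field_is_safe(gecos) ||
        !passwd_field_is_safe(home) || !passwd_field_is_safe(shell))
        return -1;
    int n = snprintf(out, outlen, "%s:x:%u:%u:%s:%s:%s\n",
                     name, uid, gid, gecos, home, shell);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Count newline-terminated records in a buffer; a single update
 * must never produce more than one. */
int count_records(const char *buf)
{
    int n = 0;
    for (; *buf; buf++)
        if (*buf == '\n')
            n++;
    return n;
}

int main(void)
{
    char line[256] = "";
    /* Constructed sample value, not taken from the advisory. */
    int rc = build_passwd_line(line, sizeof line, "alice", 1000, 1000,
                               "Alice Example\nextra-record",
                               "/home/alice", "/bin/sh");
    printf("embedded newline rejected: %s\n", rc == -1 ? "yes" : "no");
    return 0;
}
```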
References
Timeline
Vulnerability published
Vulnerability Reserved