CVE-2011-0721
Priority
Medium
Description
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow
1:4.1.4 allow local users to add new users or groups to /etc/passwd via the
GECOS field.
1:4.1.4 allow local users to add new users or groups to /etc/passwd via the
GECOS field.
Ubuntu-Description
Kees Cook discovered that some shadow utilities did not correctly
validate user input. A local attacker could exploit this flaw to inject
newlines into the /etc/passwd file. If the system was configured to use NIS,
this could lead to existing NIS groups or users gaining or losing access to
the system, resulting in a denial of service or unauthorized access.
validate user input. A local attacker could exploit this flaw to inject
newlines into the /etc/passwd file. If the system was configured to use NIS,
this could lead to existing NIS groups or users gaining or losing access to
the system, resulting in a denial of service or unauthorized access.
References
Notes
kees> introduce in the upstream 4.1.2 changes
kees> https://alioth.debian.org/scm/viewvc.php?view=rev&root=pkg-shadow&revision=1978
kees> https://alioth.debian.org/scm/viewvc.php?view=rev&root=pkg-shadow&revision=1978
Package
| Upstream: | released (4.1.4.3) |
| Ubuntu 8.04 LTS (Hardy Heron): | not-affected |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (1:4.1.4.2-1ubuntu2.2) |
| Ubuntu 11.04 (Natty Narwhal): | released (1:4.1.4.2+svn3283-2ubuntu3) |