Search CVE reports



11 – 20 of 28 results


CVE-2005-4890

Low priority
Ignored

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input...

2 affected packages

sudo, shadow

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sudo Not affected Not affected
shadow Not affected Not affected

CVE-2018-7169

Low priority

Some fixes available 3 of 7

An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a...

1 affected package

shadow

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
shadow Not affected Not affected Fixed

CVE-2017-15924

Medium priority
Ignored

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config,...

1 affected package

shadowsocks-libev

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
shadowsocks-libev Not affected

CVE-2017-12424

Low priority

Some fixes available 2 of 4

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other...

1 affected package

shadow

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
shadow Not affected Not affected Not affected

CVE-2017-2616

Medium priority

Some fixes available 8 of 13

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

2 affected packages

shadow, util-linux

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
shadow Fixed
util-linux Not affected

CVE-2016-6251

Medium priority
Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

1 affected package

shadow

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
shadow

CVE-2016-6252

Medium priority

Some fixes available 4 of 6

Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.

1 affected package

shadow

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
shadow

CVE-2011-0721

Medium priority
Fixed

Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.

1 affected package

shadow

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
shadow

CVE-2010-1151

Medium priority
Ignored

Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper...

1 affected package

libapache2-mod-auth-shadow

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libapache2-mod-auth-shadow

CVE-2008-5394

Medium priority
Fixed

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line...

1 affected package

shadow

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
shadow