rpm package

suse/shadow&distro=SUSE Linux Enterprise Micro 5.4

pkg:rpm/suse/shadow&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-4641	—	< 4.8.1-150400.3.3.1	4.8.1-150400.3.3.1	Dec 27, 2023	A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve
CVE-2023-29383	—	< 4.8.1-150400.3.6.1	4.8.1-150400.3.6.1	Apr 14, 2023	In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc
CVE-2013-4235	—	< 4.8.1-150400.3.9.1	4.8.1-150400.3.9.1	Dec 3, 2019	shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

CVE-2023-4641Dec 27, 2023
affected < 4.8.1-150400.3.3.1fixed 4.8.1-150400.3.3.1
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve
CVE-2023-29383Apr 14, 2023
affected < 4.8.1-150400.3.6.1fixed 4.8.1-150400.3.6.1
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc
CVE-2013-4235Dec 3, 2019
affected < 4.8.1-150400.3.9.1fixed 4.8.1-150400.3.9.1
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees