shadow-utils
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-4641 | 0.00 | — | 0.00 | Dec 27, 2023 | A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve… | |||
| CVE-2018-7169 | 0.00 | — | 0.02 | Feb 15, 2018 | An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to… | |||
| CVE-2006-1174 | 0.00 | — | 0.00 | May 28, 2006 | useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read… | |||
| CVE-2002-1509 | 0.00 | — | 0.00 | Mar 3, 2003 | A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email. | |||
| CVE-2001-0120 | 0.00 | — | 0.00 | Mar 12, 2001 | useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack. |
- CVE-2023-4641Dec 27, 2023risk 0.00cvss —epss 0.00
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve…
- CVE-2018-7169Feb 15, 2018risk 0.00cvss —epss 0.02
An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to…
- CVE-2006-1174May 28, 2006risk 0.00cvss —epss 0.00
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read…
- CVE-2002-1509Mar 3, 2003risk 0.00cvss —epss 0.00
A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email.
- CVE-2001-0120Mar 12, 2001risk 0.00cvss —epss 0.00
useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.