Debian: >> Shadow >> 4.0.4.1 Security Vulnerabilities
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-11-04
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.
CVSS Score
3.7
EPSS Score
0.001
Published
2006-05-28
Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.
CVSS Score
4.6
EPSS Score
0.001
Published
2005-03-01