USN-1065-1 -- shadow vulnerabilityID: oval:org.secpod.oval:def:700230 | Date: (C)2011-02-18 (M)2021-09-11 |
Class: PATCH | Family: unix |
Kees Cook discovered that some shadow utilities did not correctly validate user input. A local attacker could exploit this flaw to inject newlines into the /etc/passwd file. If the system was configured to use NIS, this could lead to existing NIS groups or users gaining or losing access to the system, resulting in a denial of service or unauthorized access.
Platform: |
Ubuntu 10.10 |
Ubuntu 9.10 |
Ubuntu 10.04 |