Bug 355207 (CVE-2011-0721) - <sys-apps/shadow- privilege escalation / DoS in NIS environments (CVE-2011-0721)
Alias: CVE-2011-0721
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High critical
Assignee: Gentoo Security
Whiteboard: A1 [glsa]
Depends on:
Reported: 2011-02-16 16:53 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2014-12-12 00:36 UTC
Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-16 16:53:57 UTC
Kees Cook discovered that some shadow utilities did not correctly validate
user input. A local attacker could exploit this flaw to inject newlines into
the /etc/passwd file. If the system was configured to use NIS, this could
lead to existing NIS groups or users gaining or losing access to the system,
resulting in a denial of service or unauthorized access.

- CVE-2011-0721: An insufficient input sanitation in chfn can be exploited
  to create users or groups in a NIS environment.
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-16 17:22:54 UTC
I'm not sure about the severity, but it looks like a newline injection. It might be possible to inject a line with UID=0. Unfortunately there is not much info about this vulnerability. Debian rates it as minor.
Comment 2 SpanKY gentoo-dev 2011-02-17 05:33:29 UTC
seems the .3 release is the .2 release plus this one fix (and a lot of regenerated files).  so it should be fairly safe to stabilize quickly.
Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-17 15:37:47 UTC
Thank you. Arches, please stabilize =sys-apps/shadow-
Comment 4 Agostino Sarubbo gentoo-dev 2011-02-17 17:01:22 UTC
works on amd64!
Comment 5 Markos Chandras (RETIRED) gentoo-dev 2011-02-17 19:52:29 UTC
amd64 done. Thanks Agostino
Comment 6 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-02-17 20:16:47 UTC
ppc/ppc64 stable
Comment 7 Alex Buell 2011-02-18 11:47:30 UTC
Tested on SPARC, seems to work OK. Could stabilise.
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2011-02-18 13:03:14 UTC
Stable for HPPA.
Comment 9 Markus Meier gentoo-dev 2011-02-19 19:20:16 UTC
arm stable
Comment 10 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-20 12:04:08 UTC
x86 stable
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2011-02-26 16:51:37 UTC
alpha/ia64/m68k/s390/sh/sparc stable
Comment 12 Tim Sammut (RETIRED) gentoo-dev 2011-02-26 19:43:48 UTC
Thanks, folks. GLSA request filed.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 20:01:36 UTC
CVE-2011-0721:
  Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow
  1:4.1.4 allow local users to add new users or groups to /etc/passwd via the
  GECOS field.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2014-12-12 00:36:49 UTC
This issue was resolved and addressed in
 GLSA 201412-09 at
by GLSA coordinator Sean Amoss (ackle).
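
Added example, not part of the bug thread and not shadow's own code: the C below formats a passwd record from a GECOS value with and without a field check, showing why an embedded newline in that field produces a second record in the file. The helper names, the sample account and the sample input are assumptions constructed for illustration.

```c
#include <stdio.h>

/* Constructed sample input: a GECOS value with an embedded newline. */
#define SAMPLE_BAD_GECOS "Jane Doe\nextra:x:1001:1001::/home/extra:/bin/sh"

/* Hypothetical helper: 1 if `field` can be stored as a single
 * colon-separated passwd field, 0 if it contains ':' or a control
 * character (which covers CR and LF). Bytes >= 0x80 are allowed. */
int passwd_field_is_safe(const char *field)
{
    const unsigned char *p;

    for (p = (const unsigned char *)field; *p != '\0'; p++) {
        if (*p == ':' || *p < 0x20 || *p == 0x7f)
            return 0;
    }
    return 1;
}

/* Hypothetical helper: formats one passwd line for a fixed sample account
 * and returns how many records (newline-terminated lines) it contains,
 * or -1 if validation rejected the input or the buffer was too small.
 * validate == 0 models the unchecked behaviour described in the bug. */
int records_written(const char *gecos, int validate)
{
    char line[512];
    const char *p;
    int n, records = 0;

    if (validate && !passwd_field_is_safe(gecos))
        return -1;
    n = snprintf(line, sizeof line,
                 "jane:x:1000:1000:%s:/home/jane:/bin/bash\n", gecos);
    if (n < 0 || (size_t)n >= sizeof line)
        return -1;
    for (p = line; *p != '\0'; p++)
        if (*p == '\n')
            records++;
    return records;
}

int main(void)
{
    printf("unchecked: %d record(s)\n", records_written(SAMPLE_BAD_GECOS, 0));
    printf("checked:   %d\n", records_written(SAMPLE_BAD_GECOS, 1));
    printf("benign:    %d record(s)\n", records_written("Jane Doe,Room 1", 1));
    return 0;
}
```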