Kees Cook discovered that some shadow utilities did not correctly validate
user input. A local attacker could exploit this flaw to inject newlines into
the /etc/passwd file. If the system was configured to use NIS, this could
lead to existing NIS groups or users gaining or losing access to the system,
resulting in a denial of service or unauthorized access.
- CVE-2011-0721: An insufficient input sanitation in chfn can be exploited
to create users or groups in a NIS environment.
I'm not sure about the severity, but it looks like a newline injection. It might be possible to inject a line with UID=0. Unfortunately there is not much info about this vulnerability. Debian rates it as minor.
Seems the .3 release is the .2 release plus this one fix (and a lot of regenerated files), so it should be fairly safe to stabilize quickly.
Thank you. Arches, please stabilize =sys-apps/shadow-126.96.36.199
works on amd64!
amd64 done. Thanks Agostino
Tested on SPARC, seems to work OK. Could stabilise.
Stable for HPPA.
Thanks, folks. GLSA request filed.
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow
1:4.1.4 allow local users to add new users or groups to /etc/passwd via the
This issue was resolved and addressed in
GLSA 201412-09 at http://security.gentoo.org/glsa/glsa-201412-09.xml
by GLSA coordinator Sean Amoss (ackle).
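The advisories quoted in this report describe a passwd field being written without rejecting line breaks. As an added example (not shadow's code and not the upstream fix), the C sketch below shows a field check that refuses separators and control characters, plus an audit pass over passwd-format text that counts NIS compat entries and malformed lines. All function names and the sample data are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if value is safe to store as one field of a passwd(5) record:
 * no field separator and no control characters (this covers \n and \r). */
int passwd_field_ok(const char *value)
{
    for (const unsigned char *p = (const unsigned char *)value; *p; p++)
        if (*p == ':' || *p < 0x20 || *p == 0x7f)
            return 0;
    return 1;
}

/* Classify one line (without its newline) of passwd-format text.
 * 0 = ordinary 7-field record, 1 = NIS compat entry (+/-), 2 = malformed. */
int classify_passwd_line(const char *line, size_t len)
{
    size_t colons = 0;
    if (len == 0) return 2;
    if (line[0] == '+' || line[0] == '-') return 1;
    for (size_t i = 0; i < len; i++)
        if (line[i] == ':') colons++;
    return colons == 6 ? 0 : 2;
}

/* Count the lines in text whose class equals want. */
size_t count_lines_of_class(const char *text, int want)
{
    size_t n = 0;
    while (*text) {
        size_t len = strcspn(text, "\n");
        if (classify_passwd_line(text, len) == want) n++;
        text += len + (text[len] == '\n');   /* skip the line and its newline */
    }
    return n;
}

/* Constructed sample, not taken from any real system. */
static const char SAMPLE[] =
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000:Alice Example,Room 1:/home/alice:/bin/bash\n"
    "+::::::\n"
    "stray text\n";
int main(void)
{
    printf("compat entries: %zu, malformed lines: %zu\n",
           count_lines_of_class(SAMPLE, 1), count_lines_of_class(SAMPLE, 2));
    return 0;
}
```

On a host that does not use NIS compat mode, any line reported in class 1 or 2 is worth reviewing against backups or package-manager records.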