Oval Definition:	oval:org.mitre.oval:def:12855
Revision Date: 2014-06-23 Version: 19 Title: DSA-2164-1 shadow -- insufficient input sanitisation Description: Kees Cook discovered that the chfn and chsh utilities do not properly sanitise user input that includes newlines. An attacker could use this to to corrupt passwd entries and may create users or groups in NIS environments. Packages in the oldstable distribution are not affected by this problem. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2011-0721 DSA-2164-1 Platform(s): Debian GNU/kFreeBSD 6.0 Debian GNU/Linux 6.0 Product(s): shadow Definition Synopsis Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed OR Debian GNU/kFreeBSD is installed AND Installed architecture is all AND shadow DPKG is earlier than 1:4.1.4.2+svn3283-2+squeeze1
BACK