CVE-2004-1001

EPSS 0.08%

shadow - programming error

Published: 3/1/2005Modified: 4/28/2026

Description

Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.

Affected packages (2)

Debian/shadowfrom 0, < 1:4.0.3-35
Debian/shadowfrom 0, < 20000902-12woody1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2004-1001