CVE-2011-0721
EPSS 1.4%shadow - missing input sanitization
發布日:2011/2/19修改日:2026/4/28
也稱為:DEBIAN-CVE-2011-0721
描述
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
受影響套件(2)
- Debian/shadowfrom 0, < 1:4.1.4.2+svn3283-3
- Debian/shadowfrom 0, < 1:4.1.4.2+svn3283-2+squeeze1