Kees Cook discovered that the chfn and chsh utilities do not properly sanitize user input that includes newlines. An attacker could use this to corrupt passwd entries and may create users or groups in NIS environments. Packages in the oldstable distribution (lenny) are not affected by this problem. For the stable distribution (squeeze), this problem has been fixed in version 1:4.1.4.2+svn3283-2+squeeze1. For the testing (wheezy) and unstable (sid) distributions, this problem will be fixed soon. We recommend that you upgrade your shadow packages.
Kees Cook discovered that the chfn and chsh utilities do not properly sanitize user input that includes newlines. An attacker could use this to corrupt passwd entries and may create users or groups in NIS environments.
Packages in the oldstable distribution (lenny) are not affected by this problem.
For the stable distribution (squeeze), this problem has been fixed in version 1:4.1.4.2+svn3283-2+squeeze1.
For the testing (wheezy) and unstable (sid) distributions, this problem will be fixed soon.
We recommend that you upgrade your shadow packages.