Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
Debian Bug report logs -
#628843
login: tty hijacking possible in "su" via TIOCSTI ioctl
Package:
src:shadow;
Maintainer for src:shadow is Shadow package maintainers <pkg-shadow-devel@listsaliothdebianorg>;
Reported by: Daniel Ruoso <daniel@ruosocom>
Date: Wed, 1 Jun 2011 19:27:02 UTC
Severity: important
Tags: c ...
Kees Cook discovered that the chfn and chsh utilities do not properly
sanitize user input that includes newlines An attacker could use this
to corrupt passwd entries and may create users or groups in NIS
environments
Packages in the oldstable distribution (lenny) are not affected by this
problem
For the stable distribution (squeeze), this proble ...