shadow: privilege escalation
| Package(s): | passwd shadow | CVE #(s): | |||||
| Created: | July 6, 2006 | Updated: | July 12, 2006 | ||||
| Description: | Ilja van Sprundel discovered that passwd, when called with the -f, -g, or -s option, did not check the result of the setuid() call. On systems that configure PAM limits for the maximum number of user processes, a local attacker could exploit this to execute chfn, gpasswd, or chsh with root privileges. | ||||||
| Alerts: |
| ||||||