CVE-2011-0721

Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:P
canonicalCNA
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Debian logo
Debian Releases
Debian Product
Codename
shadow
bullseye
1:4.8.1-1
fixed
lenny
not-affected
bookworm
1:4.13+dfsg1-1
fixed
sid
1:4.16.0-4
fixed
trixie
1:4.16.0-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
shadow
maverick
Fixed 1:4.1.4.2-1ubuntu3.2
released
lucid
Fixed 1:4.1.4.2-1ubuntu2.2
released
karmic
Fixed 1:4.1.4.1-1ubuntu2.2
released
hardy
not-affected
dapper
not-affected