Family: Ubuntu Local Security Checks --> Category: infos
USN17-1 : passwd vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
These remote packages are missing security patches :
Martin Schulze and Steve Grubb discovered a flaw in the authentication
input validation of the "chfn" and "chsh" programs. This allowed
logged in users with an expired password to change their real name and
their login shell without having to change their password.
This flaw cannot lead to privilege escalation and does not allow to
modify account properties of other users, so the impact is relatively
Upgrade to :
- login-4.0.3-28.5ubuntu6.1 (Ubuntu 4.10)
- passwd-4.0.3-28.5ubuntu6.1 (Ubuntu 4.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.