|
Family: Ubuntu Local Security Checks --> Category: infos
USN17-1 : passwd vulnerabilities Vulnerability Scan
Vulnerability Scan Summary passwd vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- login
- passwd
Description :
Martin Schulze and Steve Grubb discovered a flaw in the authentication
input validation of the "chfn" and "chsh" programs. This allowed
logged in users with an expired password to change their real name and
their login shell without having to change their password.
This flaw cannot lead to privilege escalation and does not allow to
modify account properties of other users, so the impact is relatively
low.
Solution :
Upgrade to :
- login-4.0.3-28.5ubuntu6.1 (Ubuntu 4.10)
- passwd-4.0.3-28.5ubuntu6.1 (Ubuntu 4.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|