CVE-2011-0721

EPSS 1.4%

shadow - missing input sanitization

Published: 2/19/2011Modified: 4/28/2026

Description

Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.

Affected packages (2)

Debian/shadowfrom 0, < 1:4.1.4.2+svn3283-3
Debian/shadowfrom 0, < 1:4.1.4.2+svn3283-2+squeeze1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-0721