Vulnerabilities > Debian > Shadow > High

DATE CVE VULNERABILITY TITLE RISK
2019-11-04 CVE-2005-4890 Improper Input Validation vulnerability in multiple products
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program".
local
low complexity
debian sudo-project redhat CWE-20
7.2
2008-12-09 CVE-2008-5394 Link Following vulnerability in Debian Shadow 4.0.18.1
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.
local
low complexity
debian CWE-59
7.2