Vulnerabilities > Shadow Project

DATE | CVE | VULNERABILITY TITLE | RISK

2023-04-14 | CVE-2023-29383 | Injection vulnerability in Shadow Project Shadow 4.13 | 3.3
  In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger).
  local; low complexity; shadow-project; CWE-74

2019-12-18 | CVE-2019-19882 | Incorrect Permission Assignment for Critical Resource vulnerability in Shadow Project Shadow 4.8 | 7.8
  shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured.
  local; low complexity; shadow-project; CWE-732

2018-02-15 | CVE-2018-7169 | Incorrect Permission Assignment for Critical Resource vulnerability in Shadow Project Shadow 4.5 | 5.3
  An issue was discovered in shadow 4.5.
  network; low complexity; shadow-project; CWE-732

2017-08-04 | CVE-2017-12424 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | 9.8 (critical)
  In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors.
  network; low complexity; shadow-project, debian; CWE-119

2017-02-17 | CVE-2016-6252 | Integer Overflow or Wraparound vulnerability in Shadow Project Shadow 4.2.1 | 7.8
  Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.
  local; low complexity; shadow-project; CWE-190