Debian Security Advisory DSA 585-1 (shadow) Network Vulnerability

Summary

The remote host is missing an update to shadow announced via advisory DSA 585-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20585-1

Insight

A vulnerability has been discovered in the shadow suite which provides programs like chfn and chsh. It is possible for a user, who is logged in but has an expired password to alter his account information with chfn or chsh without having to change the password. The problem was originally thought to be more severe. For the stable distribution (woody) this problem has been fixed in version 20000902-12woody1. For the unstable distribution (sid) this problem has been fixed in version 4.0.3-30.3. We recommend that you upgrade your passwd package (from the shadow

Severity

Classification

CVE CVE-2004-1001

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1061-1 (popfile)
Debian Security Advisory DSA 035-1 (man2html)
Debian Security Advisory DSA 1079-1 (mysql-dfsg)
Debian Security Advisory DSA 023-1 (inn2)
Debian Security Advisory DSA 1058-1 (awstats)

Take action and discover your vulnerabilities