Описание
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | 1:4.13+dfsg1-3ubuntu1 |
| esm-infra-legacy/trusty | released | 1:4.1.5.1-1ubuntu9.5+esm4 |
| esm-infra/bionic | released | 1:4.5-1ubuntu2.5+esm1 |
| esm-infra/focal | released | 1:4.8.1-1ubuntu5.20.04.5 |
| esm-infra/xenial | released | 1:4.2-3.1ubuntu5.5+esm4 |
| focal | released | 1:4.8.1-1ubuntu5.20.04.5 |
| jammy | released | 1:4.8.1-2ubuntu2.2 |
| lunar | ignored | end of life, was needed |
| mantic | released | 1:4.13+dfsg1-1ubuntu1.1 |
Показывать по
EPSS
4.7 Medium
CVSS3
Связанные уязвимости
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.
A flaw was found in shadow-utils. When asking for a new password, shad ...
EPSS
4.7 Medium
CVSS3