Univention Bugzilla – Bug 52968
shadow: Multiple issues (4.4)
Last modified: 2021-03-24 15:59:01 CET
New Debian shadow 1:4.4-4.1+deb9u1 fixes:

This update addresses the following issues:

* Buffer overflow via newusers tool (CVE-2017-12424)
* The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to log in as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. (CVE-2017-20002)
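As an added example (not part of the Univention bug report or the Debian package), the following POSIX shell check inspects a securetty file for pseudo-terminal entries, the misconfiguration behind CVE-2017-20002, and shows the weak file beside the corrected one. The two sample files are constructed in temporary locations; nothing is read from the live system.

```shell
#!/bin/sh
# Added example, not from the page or the shadow package: any pts/N entry in
# /etc/securetty makes pam_securetty treat a remote (SSH) session as a secure
# console, which is what CVE-2017-20002 describes. Sample files are constructed.

# Print every non-comment entry of the given securetty file that names a
# pseudo-terminal (pts/...). Prints nothing when the file is clean.
securetty_pts_entries() {
    # strip comments, leading/trailing whitespace and blank lines, keep pts/ only
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" \
        | grep -v '^$' \
        | grep '^pts/' || true
}

# Return 0 if the file allows no pseudo-terminal, 1 otherwise.
securetty_is_clean() {
    [ -z "$(securetty_pts_entries "$1")" ]
}

# Constructed sample: the weak file as shipped before 1:4.4-4.1+deb9u1.
WEAK_SECURETTY=$(mktemp)
cat > "$WEAK_SECURETTY" <<'EOF'
# /etc/securetty: list of terminals on which root is allowed to login.
console
tty1
tty2
pts/0   # meant for containers, but also matches SSH sessions
pts/1
EOF

# Constructed sample: the corrected file with the pts/* entries reverted.
FIXED_SECURETTY=$(mktemp)
cat > "$FIXED_SECURETTY" <<'EOF'
console
tty1
tty2
EOF
trap 'rm -f "$WEAK_SECURETTY" "$FIXED_SECURETTY"' EXIT

if securetty_is_clean "$WEAK_SECURETTY"; then
    echo "weak file: clean (unexpected)"
else
    echo "weak file: pseudo-terminal entries found:"
    securetty_pts_entries "$WEAK_SECURETTY"
fi
securetty_is_clean "$FIXED_SECURETTY" && echo "fixed file: clean"
```

Run it against the real /etc/securetty by passing that path to securetty_is_clean; on hosts where the file has been dropped entirely (as the changelog notes for bullseye) the check is simply not applicable.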
--- mirror/ftp/4.3/unmaintained/4.3-0/source/shadow_4.4-4.1.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/shadow_4.4-4.1+deb9u1.dsc @@ -1,3 +1,20 @@ +1:4.4-4.1+deb9u1 [Wed, 17 Mar 2021 10:27:01 +0100] Sylvain Beucler <beuc@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * CVE-2017-20002: revert adding pts/0 and pts/1 to securetty. + Adding pts/* defeats the purpose of securetty. Let containers add it + if needed as described in #830255. + (cherry-picked from 1:4.5-1) + See also #877374 (previous proposed update) and #914957 + (/etc/securetty will be dropped in bullseye). + * CVE-2017-12424: the newusers tool could be made to manipulate internal + data structures in ways unintended by the authors. Malformed input may + lead to crashes (with a buffer overflow or other memory corruption) or + other unspecified behaviors. This crosses a privilege boundary in, for + example, certain web-hosting environments in which a Control Panel + allows an unprivileged user account to create subaccounts. + (Closes: #756630) + 1:4.4-4.1 [Wed, 17 May 2017 13:59:59 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload. <http://piuparts.knut.univention.de/4.4-7/#8292891427075887129>
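Review bot: the CVE-2017-12424 changelog entry describes only the impact (newusers manipulating internal data structures, possible buffer overflow) and references the Debian bug via "(Closes: #756630)", but unlike the CVE-2017-20002 entry, which records "(cherry-picked from 1:4.5-1)", it does not say where the actual newusers fix comes from; add the upstream commit or version the patch was taken from so the erratum can be traced to its source. The securetty revert is well documented (#830255 for containers, #877374 and #914957 for context) and needs no change.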
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] 5f6b9dee13 Bug #52968: shadow 1:4.4-4.1+deb9u1
 doc/errata/staging/shadow.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x927>