Ubuntu: 1065-1: shadow vulnerability

02-15-2011

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

Ubuntu: 1065-1: shadow vulnerability

LinuxSecurity.com: Kees Cook discovered that some shadow utilities did not correctly validateuser input. A local attacker could exploit this flaw to inject newlines intothe /etc/passwd file. If the system was configured to use NIS, this couldlead to existing NIS groups or users gaining or losing access to the system,resulting in a denial of service or unauthorized access. [More...]

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

pwconv(1M) System Administration Commands pwconv(1M) NAME
pwconv - installs and updates /etc/shadow with information from /etc/passwd SYNOPSIS
pwconv DESCRIPTION
The pwconv command creates and updates /etc/shadow with information from /etc/passwd. pwconv relies on a special value of 'x' in the password field of /etc/passwd. This value of 'x' indicates that the password for the user is already in /etc/shadow and should not be modified. If the /etc/shadow file does not exist, this command will create /etc/shadow with information from /etc/passwd. The command populates /etc/shadow with the user's login name, password, and password aging information. If password aging information does not exist in /etc/passwd for a given user, none will be added to /etc/shadow. However, the last changed information will always be updated. If the /etc/shadow file does exist, the following tasks will be performed: Entries that are in the /etc/passwd file and not in the /etc/shadow file will be added to the /etc/shadow file. Entries that are in the /etc/shadow file and not in the /etc/passwd file will be removed from /etc/shadow. Password attributes (for example, password and aging information) that exist in an /etc/passwd entry will be moved to the corre- sponding entry in /etc/shadow. The pwconv command can only be used by the super-user. FILES
/etc/opasswd /etc/oshadow /etc/passwd /etc/shadow ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWcsu | +-----------------------------+-----------------------------+ SEE ALSO
passwd(1), passmgmt(1M), usermod(1M), passwd(4), attributes(5) DIAGNOSTICS
pwconv exits with one of the following values: 0 SUCCESS. 1 Permission denied. 2 Invalid command syntax. 3 Unexpected failure. Conversion not done. 4 Unexpected failure. Password file(s) missing. 5 Password file(s) busy. Try again later. 6 Bad entry in /etc/shadow file. SunOS 5.10 9 Mar 1993 pwconv(1M)

Security Advisories (RSS)

Ubuntu: 1065-1: shadow vulnerability

LEARN ABOUT OPENDARWIN

pwconv