Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

Debian: 2164-1: shadow: insufficient input sanitiza

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) Debian: 2164-1: shadow: insufficient input sanitiza
# 1  
Old 02-16-2011
Debian: 2164-1: shadow: insufficient input sanitiza
LinuxSecurity.com: Kees Cook discovered that the chfn and chsh utilities do not properly sanitize user input that includes newlines. An attacker could use this to to corrupt passwd entries and may create users or groups in NIS environments. [More...]

More...
Login or Register to Ask a Question

Previous Thread | Next Thread

2 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Converting freebsd (5.2.1) master.passwd to Debian shadow

I'm trying to make this work, and it half works. Accounts with password hashes matching the old crypt(3) algorithm work just fine: JUpfW/w6jo6aw But accounts with longer password hashes preceded by $1$, such as the following, do not work: $1$iIcbppdP$HDyjJeVMGgJ.ovLsnjtTR.... (0 Replies)
Discussion started by: davidstvz
0 Replies

2. UNIX for Advanced & Expert Users

[Debian] Stop input from keyboard and mouse

Dear friends, I need to stop getting input from keyboard and mouse at some specific time like, every day from 6 PM to 7PM likewise. How can I do this. Kindly guide me to do this. I need to block the input. I am using Debian OS. (5 Replies)
Discussion started by: nagalenoj
5 Replies
Login or Register to Ask a Question

LEARN ABOUT V7

chsh

CHSH(1) 							   User Commands							   CHSH(1)

NAME

       chsh - change login shell

SYNOPSIS

       chsh [options] [LOGIN]

DESCRIPTION

       The chsh command changes the user login shell. This determines the name of the user's initial login command. A normal user may only change
       the login shell for her own account; the superuser may change the login shell for any account.

OPTIONS

       The options which apply to the chsh command are:

       -h, --help
	   Display help message and exit.

       -R, --root CHROOT_DIR
	   Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.

       -s, --shell SHELL
	   The name of the user's new login shell. Setting this field to blank causes the system to select the default login shell.

       If the -s option is not selected, chsh operates in an interactive fashion, prompting the user with the current login shell. Enter the new
       value to change the shell, or leave the line blank to use the current one. The current shell is displayed between a pair of [ ] marks.

NOTE

       The only restriction placed on the login shell is that the command name must be listed in /etc/shells, unless the invoker is the superuser,
       and then any value may be added. An account with a restricted login shell may not change her login shell. For this reason, placing /bin/rsh
       in /etc/shells is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell
       back to its original value.

FILES

       /etc/passwd
	   User account information.

       /etc/shells
	   List of valid login shells.

       /etc/login.defs
	   Shadow password suite configuration.

SEE ALSO

       chfn(1), login.defs(5), passwd(5).

shadow-utils 4.5						    01/25/2018								   CHSH(1)