Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

Pardus: 2011-47: Shadow: CRLF Injections

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) Pardus: 2011-47: Shadow: CRLF Injections
# 1  
Old 02-21-2011
Pardus: 2011-47: Shadow: CRLF Injections
LinuxSecurity.com: Multiple vulnerabilities have been fixed in shadow, which can be exploited by malicious people to inject newlines into the /etc/passwd file.

More...
Login or Register to Ask a Question

Previous Thread | Next Thread

1 More Discussions You Might Find Interesting

1. Web Development

CRLF to LF PHP

So I have this PHP script that takes info from HTML form and saves the info to a txt file. Here is the code <?php $input = $_POST; $dateposted = date("m-d-Y-His"); $fp = fopen("/some/location/public_html/sh/$dateposted.txt", "w"); fwrite($fp, $input.).'&nbsp;'; fclose($fp);... (16 Replies)
Discussion started by: GroveTuckey
16 Replies
Login or Register to Ask a Question

LEARN ABOUT OPENSOLARIS

pwconv

pwconv(1M)						  System Administration Commands						pwconv(1M)

NAME

       pwconv - installs and updates /etc/shadow with information from /etc/passwd

SYNOPSIS

       pwconv

DESCRIPTION

       The pwconv command creates and updates /etc/shadow with information from /etc/passwd.

       pwconv relies on a special value of 'x' in the password field of /etc/passwd. This value of 'x' indicates that the password for the user is
       already in /etc/shadow and should not be modified.

       If the /etc/shadow file does not exist, this command will create /etc/shadow with  information  from  /etc/passwd.  The	command  populates
       /etc/shadow  with  the  user's  login  name,  password,	and  password  aging  information. If password aging information does not exist in
       /etc/passwd for a given user, none will be added to  /etc/shadow. However, the last changed information will always be updated.

       If the  /etc/shadow file does exist, the following tasks will be performed:

	   Entries that are in the  /etc/passwd file and not in the /etc/shadow file will be added to the /etc/shadow file.

	   Entries that are in the  /etc/shadow file and not in the /etc/passwd file will be removed from /etc/shadow.

	   Password attributes (for example, password and aging information)  that exist in an /etc/passwd entry will be moved to the  correspond-
	   ing entry in  /etc/shadow.

       The pwconv command can only be used by the super-user.

FILES

       /etc/opasswd

       /etc/oshadow

       /etc/passwd

       /etc/shadow

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       passwd(1), passmgmt(1M), usermod(1M), passwd(4), attributes(5)

DIAGNOSTICS

       pwconv exits with one of the following values:

       0    SUCCESS.

       1    Permission denied.

       2    Invalid command syntax.

       3    Unexpected failure.  Conversion not done.

       4    Unexpected failure.  Password file(s) missing.

       5    Password file(s) busy.  Try again later.

       6    Bad entry in /etc/shadow file.

SunOS 5.11							    9 Mar 1993								pwconv(1M)