CVE-2011-0721 Information

Description

Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.

Reference

http://osvdb.org/70895 http://secunia.com/advisories/42505 http://secunia.com/advisories/43345 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.380014 http://www.debian.org/security/2011/dsa-2164 http://www.securityfocus.com/bid/46426 http://www.ubuntu.com/usn/USN-1065-1 http://www.vupen.com/english/advisories/2011/0396 http://www.vupen.com/english/advisories/2011/0398 http://www.vupen.com/english/advisories/2011/0773 https://exchange.xforce.ibmcloud.com/vulnerabilities/65564