CVE-2011-0721

Name of the Vulnerable Software and Affected Versions shadow version 1:4.1.4

Description The issue concerns CRLF injection vulnerabilities in the chfn and chsh utilities within the shadow package. This allows local users to modify the /etc/passwd file by adding new users or groups via the GECOS field.

Recommendations For shadow version 1:4.1.4, consider restricting access to the chfn and chsh utilities until a patch is available. As a temporary workaround, avoid using the GECOS field in the chfn and chsh utilities to minimize the risk of exploitation.