PT-2021-22794 · Unknown · Opensysusers

Ansgar · Published 2021-08-25 · Updated 2022-07-12 · CVE-2021-40084

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: opensysusers versions 0.6 and earlier

Description: The issue arises from the unsafe use of eval on files in sysusers.d that may contain shell metacharacters. This allows command execution via a crafted GECOS field, which is not the case with systemd-sysusers, a program that follows the same specification.

Recommendations: For opensysusers versions 0.6 and earlier, consider disabling the use of eval on files in sysusers.d until a patch is available. Restrict access to the sysusers.d directory to minimize the risk of exploitation. Avoid using crafted GECOS fields in the affected files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
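As an added illustration of the recommendation above (example code, not opensysusers or systemd code), the script below parses sysusers.d entries with `read` and string trimming instead of eval and flags any GECOS field containing shell metacharacters; the sample configuration and the `build` user are constructed.

```bash
#!/usr/bin/env bash
# Added example, not opensysusers code: parse sysusers.d entries with `read` and
# string trimming instead of eval, and flag GECOS fields holding shell metacharacters.
set -eu
# Constructed sample sysusers.d content (Type Name ID GECOS Home Shell). Only the
# last entry has a GECOS field a shell would interpret if the line were eval'd.
SAMPLE_CONF='# Type Name ID GECOS Home Shell
u httpd 404 "Web Server" /var/www
g input - - -
u build - "Nightly; builder" /var/lib/build'

# Characters eval would treat as shell syntax rather than as text.
META='$`;|&()<>\"'"'"
# Exit 0 if a GECOS field is plain text, 1 if it contains any metacharacter.
gecos_is_safe() {
    case "$1" in
        *["$META"]*) return 1 ;;
        *) return 0 ;;
    esac
}
# Print the GECOS field of one "u" line. A double-quoted field is recovered by
# trimming, so the line itself is never evaluated by the shell.
parse_gecos() {
    local type name id rest
    read -r type name id rest <<<"$1"
    case "$rest" in
        \"*) rest=${rest#\"}; printf '%s\n' "${rest%%\"*}" ;;
        *)   printf '%s\n' "${rest%% *}" ;;
    esac
}

# Read sysusers.d content on stdin; print "<name><TAB><gecos>" for every user
# entry whose GECOS field contains shell metacharacters.
scan_sysusers() {
    local line type name rest gecos
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        read -r type name rest <<<"$line"
        [ "$type" = u ] || continue
        gecos=$(parse_gecos "$line")
        gecos_is_safe "$gecos" || printf '%s\t%s\n' "$name" "$gecos"
    done
}

# Number of flagged entries in the constructed sample (1: the "build" user).
count_flagged_in_sample() {
    printf '%s\n' "$SAMPLE_CONF" | scan_sysusers | wc -l | tr -d ' '
}
count_flagged_in_sample
```

Pointing `scan_sysusers` at real `/etc/sysusers.d/*.conf` files (`cat /etc/sysusers.d/*.conf | scan_sysusers`) lists entries that would have been dangerous to pass through eval.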

Exploit

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2021-40084

Affected Products

Debian
Opensysusers