147570 – Unauthorized account properties modification (chfn and chsh)

Bug 147570 - Unauthorized account properties modification (chfn and chsh)

Summary: Unauthorized account properties modification (chfn and chsh)

Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	shadow-utils
Sub Component:	(Show other bugs)
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Peter Vrabec
QA Contact:	David Lawrence
Docs Contact:
URL:	http://cvs.pld.org.pl/shadow/NEWS?rev...
Whiteboard:
Keywords:	Security
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-02-09 13:43 UTC by Marcin Garski
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2005-03-04 10:02:33 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Marcin Garski 2005-02-09 13:43:07 UTC

shadow-4.0.5 has fixed securirty bug in libmisc/pwdcheck.c which allow
unauthorized account properties modification. Affected tools: chfn and
chsh. See URL for changelog.

Please consider updating shadow-utils to 4.0.7 version (as I know this
is how bugs are fixed in FC, package is updated to newer version
instead of backporting patch to old version), the newer version can
and probably will fix some open bugs on bugzilla.

Note You need to log in before you can comment on or make changes to this bug.