Common Vulnerabilities and Exposures assigned an identifier CVE-2011-0721 to the following vulnerability: Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field. References: [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0721 [2] http://www.debian.org/security/2011/dsa-2164 [3] http://www.ubuntu.com/usn/USN-1065-1 [4] http://www.securityfocus.com/bid/46426 [5] http://secunia.com/advisories/42505 [6] http://secunia.com/advisories/43345 [7] http://www.vupen.com/english/advisories/2011/0396 [8] http://www.vupen.com/english/advisories/2011/0398
This issue did NOT affect the versions of util-linux package, as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue did NOT affect the version of the util-linux-ng package, as shipped with Red Hat Enterprise Linux 6. -- This issue did not affect the versions of the util-linux-ng packages, as shipped with Fedora release of 13 and 14.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2011-0721