Common Vulnerabilities and Exposures assigned an identifier CVE-2011-0721 to
the following vulnerability:
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in
shadow 1:4.1.4 allow local users to add new users or groups to
/etc/passwd via the GECOS field.
This issue did NOT affect the versions of util-linux package, as shipped
with Red Hat Enterprise Linux 3, 4, or 5.
This issue did NOT affect the version of the util-linux-ng package, as shipped
with Red Hat Enterprise Linux 6.
This issue did not affect the versions of the util-linux-ng packages, as shipped
with Fedora release of 13 and 14.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):