SUSE-SA:2005:064: pwdutils, shadow

This script is Copyright (C) 2005-2010 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a vendor-supplied security patch

Description :

The remote host is missing the patch for the advisory SUSE-SA:2005:064 (pwdutils, shadow).


Thomas Gerisch found that the setuid 'chfn' program contained in the
pwdutils suite insufficiently checks it's arguments when changing
the GECOS field. This bug leads to a trivially exploitable local
privilege escalation that allows users to gain root access.

We like to thank Thomas Gerisch for pointing out the problem.

Solution :

http://www.suse.de/security/advisories/2005_64_pwdutils.html

Risk factor :

High

Family: SuSE Local Security Checks

Nessus Plugin ID: 20209 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now