Synopsis
The remote host is missing a vendor-supplied security patch
Description
The remote host is missing the patch for the advisory SUSE-SA:2005:064 (pwdutils, shadow).
Thomas Gerisch found that the setuid 'chfn' program contained in the pwdutils suite insufficiently checks it's arguments when changing the GECOS field. This bug leads to a trivially exploitable local privilege escalation that allows users to gain root access.
We like to thank Thomas Gerisch for pointing out the problem.
Solution
http://www.suse.de/security/advisories/2005_64_pwdutils.html
Plugin Details
File Name: suse_SA_2005_064.nasl
Agent: unix
Supported Sensors: Nessus Agent, Nessus
Vulnerability Information
Required KB Items: Host/SuSE/rpm-list