USN-17-1: passwd vulnerability

5 November 2004

passwd vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description


Martin Schulze and Steve Grubb discovered a flaw in the authentication input validation of the “chfn” and “chsh” programs. This allowed logged-in users with an expired password to change their real name and their login shell without having to change their password.

This flaw cannot lead to privilege escalation and does not allow modifying the account properties of other users, so the impact is relatively low.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10

To update your system, please follow these instructions: