Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-DEBIAN10-SHADOW-306266
- published 9 Dec 2008
- disclosed 9 Dec 2008
How to fix?
shadow to version 1:4.1.1-6 or higher.
Note: Versions mentioned in the description apply only to the upstream
shadow package and not the
shadow package as distributed by
How to fix? for
Debian:10 relevant fixed versions and status.
/bin/login in shadow 188.8.131.52 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.