CVE-2006-6683

Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM.

Published: Dec 21, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-6683
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
pedro_lineu_orso / chetcpasswd	2.2.1	2.2.1.x
pedro_lineu_orso / chetcpasswd	2.3.1	2.3.1.x
pedro_lineu_orso / chetcpasswd	2.3.3	2.3.3.x
pedro_lineu_orso / chetcpasswd	-	2.4.1.x
pedro_lineu_orso / chetcpasswd	2.1	2.1.x
pedro_lineu_orso / chetcpasswd	1.12	1.12.x

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454
http://www.securityfocus.com/bid/21102

Vulnerability Database

290,273

CVE-2006-6683