CVE-2017-20002

Published: Mar 17, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.

Affected (2)

Products: Debian: Debian Linux, Shadow

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0
Debian Shadow	Version 4.4

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877374

Source: cve@mitre.org

Mailing ListVendor Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914957

Source: cve@mitre.org

ExploitMailing ListVendor Advisory

https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html

Source: cve@mitre.org

Mailing ListVendor Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877374

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914957

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListVendor Advisory

https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

Timeline

No history available yet.