Bug 62889 (CVE-2004-1001)

Summary: VUL-0: CVE-2004-1001: shadow: retocde not checked
Product: [Novell Products] SUSE Security Incidents Reporter: Thomas Biege <thomas>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: patch-request, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2004-1001: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: 036_CAN-2004-1001_passwd_check.diff

Description Thomas Biege 2004-11-03 18:41:34 UTC 
Hello, 
please have a look at: 
	http://secunia.com/advisories/13028
Comment 1 Thomas Biege 2004-11-03 18:41:34 UTC 
<!-- SBZ_reproduce  -->
-
Comment 2 Thomas Biege 2004-11-03 18:42:21 UTC 
CAN-2004-1001
Comment 3 Thomas Biege 2004-11-03 18:42:47 UTC 
Created attachment 25738 [details]
036_CAN-2004-1001_passwd_check.diff
Comment 4 Thorsten Kukuk 2004-11-03 19:00:39 UTC 
??  
We have no shadow package in 9.2. 
We have no shadow package in 9.1. 
 
We have no product with chfn/chsh from the shadow package. 
 
Our version has nothing common with the shadow sources.
Comment 5 Thomas Biege 2009-10-13 19:58:07 UTC 
CVE-2004-1001: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)