Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
shadow 安全漏洞
Vulnerability Description
shadow是一套用于维护Debian系统的工具套件。 Debian shadow package before 4.5-1 存在安全漏洞,该漏洞允许本地用户作为无密码用户登录,允许所有本地用户升级特权。
CVSS Information
N/A
Vulnerability Type
N/A