Pedro Lineu Orso » Chetcpasswd : Security Vulnerabilities, CVEs,
Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long REMOTE_ADDR environment variable. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.2
EPSS Score
0.04%
Published
2006-12-21
Updated
2010-07-16
Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long X-Forwarded-For HTTP header. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
1.25%
Published
2006-12-21
Updated
2019-11-13
Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM.
Max CVSS
7.8
EPSS Score
0.15%
Published
2006-12-21
Updated
2019-11-13
Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header.
Max CVSS
7.5
EPSS Score
1.08%
Published
2006-12-21
Updated
2024-01-25
4 vulnerabilities found