CVE-2017-20002
Summary
| CVE | CVE-2017-20002 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-03-17 06:15:00 UTC |
| Updated | 2021-06-07 14:58:00 UTC |
| Description | The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. |
Risk And Classification
Problem Types: CWE-269
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| #877374 - stretch-pu: shadow 1:4.4-4.1+deb9u1 - Debian Bug report logs | MISC | bugs.debian.org | |
| #914957 - login: removal of pts/* from /etc/securetty wasn't applied in stretch - Debian Bug report logs | MISC | bugs.debian.org | |
| [SECURITY] [DLA 2596-1] shadow security update | MLIST | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 178494 Debian Security Update for shadow (DLA 2596-1)