Test ID:	1.3.6.1.4.1.25623.1.0.51384
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2004:894
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2004:894. shadow-utils[1] is a collection of utilities for managing shadow password files and user/group accounts. Martin Schulze reported a vulnerability[2] in the passwd_check() function in libmisc/pwdcheck.c which is used by chfn and chsh and thus may allow a local attacker to use them to change the standard shell of other users or modify their GECOS information (full name, phone number...). Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://shadow.pld.org.pl/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1001 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:894 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : Medium CVSS Score: 4.6
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1001 Conectiva Linux advisory: CLA-2004:894 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000894 Debian Security Information: DSA-585 (Google Search) http://www.debian.org/security/2004/dsa-585 http://secunia.com/advisories/13028 XForce ISS Database: shadow-pwdcheck-modify-account(17902) https://exchange.xforce.ibmcloud.com/vulnerabilities/17902
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.