Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: shadow

Found 1 matching suggestions

View:
Compact
Detailed
Dismissed
Permalink CVE-2005-4890
updated 3 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion 3 months, 1 week ago
  • @LeSuisse ignored
    40 packages
    • tests.hardeningFlags-clang.allExplicitDisabledShadowStack
    • tests.hardeningFlags-clang.shadowStackExplicitDisabled
    • tests.hardeningFlags-clang.shadowStackExplicitEnabled
    • tests.hardeningFlags.allExplicitDisabledShadowStack
    • tests.hardeningFlags-gcc.shadowStackExplicitEnabled
    • tests.hardeningFlags.shadowStackExplicitEnabled
    • tests.hardeningFlags-gcc.shadowStackExplicitDisabled
    • tests.hardeningFlags.shadowStackExplicitDisabled
    • tests.hardeningFlags-gcc.allExplicitDisabledShadowStack
    • obs-studio-plugins.obs-stroke-glow-shadow
    • su
    • qsudo
    • sudo-rs
    • psudohash
    • shadowenv
    • shadowfox
    • sudo-font
    • shadow-tls
    • darwin.sudo
    • gnome-sudoku
    • doas-sudo-shim
    • lxqt.lxqt-sudo
    • go-shadowsocks2
    • shadowsocks-rust
    • yaziPlugins.sudo
    • shadowsocks-libev
    • libsForQt5.ksudoku
    • kdePackages.ksudoku
    • typstPackages.shadowed
    • plasma5Packages.ksudoku
    • shadowsocks-v2ray-plugin
    • fishPlugins.plugin-sudope
    • haskellPackages.shadowsocks
    • typstPackages.shadowed_0_1_0
    • shadow
    • haskellPackages.Unixutils-shadow
    • wayfirePlugins.wayfire-shadows
    • typstPackages.shadowed_0_2_0
    • typstPackages.shadowed_0_1_2
    • typstPackages.shadowed_0_1_1
    3 months, 1 week ago
  • @LeSuisse restored package shadow 3 months, 1 week ago
  • @LeSuisse dismissed 3 months, 1 week ago
There is a possible tty hijacking in shadow 4.x before …

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

Affected products

sudo
  • ==1.x before 1.7.4
shadow
  • ==4.x before 4.1.5

Matching in nixpkgs

pkgs.shadow

Suite containing authentication-related tools such as passwd and su

Ignored packages (39)

pkgs.su

Suite containing authentication-related tools such as passwd and su

pkgs.psudohash

Password list generator for orchestrating brute force attacks and cracking hashes

pkgs.shadowenv

reversible directory-local environment variable manipulations

pkgs.shadowfox

Universal dark theme for Firefox while adhering to the modern design principles set by Mozilla

pkgs.sudo-font

Font for programmers and command line users

  • nixos-unstable 3.4
    • nixpkgs-unstable 3.4
    • nixos-unstable-small 3.4
  • nixos-25.11 3.4
    • nixos-25.11-small 3.4
    • nixpkgs-25.11-darwin 3.4

pkgs.gnome-sudoku

Test your logic skills in this number grid puzzle

  • nixos-unstable 49.4
    • nixpkgs-unstable 49.4
    • nixos-unstable-small 49.4
  • nixos-25.11 49.2
    • nixos-25.11-small 49.2
    • nixpkgs-25.11-darwin 49.2

Package maintainers

Old issue. Never impacted the current stable branch.