Debian Linux Security Advisory 2164-1 - Kees Cook discovered that the chfn and chsh utilities do not properly sanitize user input that includes newlines. An attacker could use this to to corrupt passwd entries and may create users or groups in NIS environments.
3c7165f169abaa8fe7fc4e48f066e16009452afff08998bc155b3bce7e40bb3b
Ubuntu Security Notice 1065-1 - Kees Cook discovered that some shadow utilities did not correctly validate user input. A local attacker could exploit this flaw to inject newlines into the /etc/passwd file. If the system was configured to use NIS, this could lead to existing NIS groups or users gaining or losing access to the system, resulting in a denial of service or unauthorized access.
92adb8f4be3a172b9daf23a25bcfb40f576aef58e5527fc907ecb89a7df62a69