[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247974

 
 

909

 
 

194654

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-1174Date: (C)2006-05-28   (M)2023-12-22


useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.7
Exploit Score: 1.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1018221
BID-18111
http://www.securityfocus.com/archive/1/468336/100/0/threaded
20070602-01-P
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
SECUNIA-20370
SECUNIA-20506
SECUNIA-25098
SECUNIA-25267
SECUNIA-25629
SECUNIA-25894
SECUNIA-25896
SECUNIA-26909
SECUNIA-27706
ADV-2006-2006
ADV-2007-3229
GLSA-200606-02
MDKSA-2006:090
RHSA-2007:0276
RHSA-2007:0431
VU#312692
http://cvs.pld.org.pl/shadow/NEWS?rev=1.109
http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm
https://issues.rpath.com/browse/RPL-1357
oval:org.mitre.oval:def:10807
shadow-utils-useradd-file-permission(26958)

CPE    8
cpe:/a:debian:shadow:4.0.6
cpe:/a:debian:shadow:4.0.5
cpe:/a:debian:shadow:4.0.4
cpe:/a:debian:shadow:4.0.4.1
...
CWE    1
CWE-264

© SecPod Technologies