CVE-2006-1174

Severity

37%

Complexity

19%

Confidentiality

106%

useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.

useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.

CVSS 2.0 Base Score 3.7. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P).

Overview

Type

Debian shadow

First reported 18 years ago

2006-05-28 23:02:00

Last updated 6 years ago

2018-10-18 16:31:00

Affected Software

Debian shadow 4.0.0

4.0.0

Debian shadow 4.0.1

4.0.1

Debian shadow 4.0.2

4.0.2

Debian shadow 4.0.4

4.0.4

Debian shadow 4.0.4.1

4.0.4.1

Debian shadow 4.0.5

4.0.5

Debian shadow 4.0.6

4.0.6

References

20070602-01-P

http://cvs.pld.org.pl/shadow/NEWS?rev=1.109

20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

20370

Patch, Vendor Advisory

20506

Vendor Advisory

25098

Vendor Advisory

25267

Vendor Advisory

25629

Vendor Advisory

25894

Vendor Advisory

25896

Vendor Advisory

26909

Vendor Advisory

27706

Vendor Advisory

http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm

GLSA-200606-02

VU#312692

US Government Resource

MDKSA-2006:090

RHSA-2007:0276

RHSA-2007:0431

20070511 rPSA-2007-0096-1 shadow

18111

Patch

1018221

ADV-2006-2006

Vendor Advisory

ADV-2007-3229

Vendor Advisory

shadow-utils-useradd-file-permission(26958)

https://issues.rpath.com/browse/RPL-1357

oval:org.mitre.oval:def:10807

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.