Published: 28/05/2006 Updated: 11/08/2020

CVSS v2 Base Score: 3.7 | Impact Score: 6.4 | Exploitability Score: 1.9

VMScore: 329

Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Subscribe to Debian

useradd in shadow-utils prior to 4.0.3, and possibly other versions prior to 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows malicious users to read or modify the mailbox.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian shadow 4.0.6
debian shadow
debian shadow 4.0.0
debian shadow 4.0.1
debian shadow 4.0.4.1
debian shadow 4.0.5
debian shadow 4.0.2
debian shadow 4.0.4

CWE-264 http://www.securityfocus.com/bid/18111 http://cvs.pld.org.pl/shadow/NEWS?rev=1.109 http://secunia.com/advisories/20370 http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml http://secunia.com/advisories/20506 http://www.redhat.com/support/errata/RHSA-2007-0276.html http://secunia.com/advisories/25098 https://issues.rpath.com/browse/RPL-1357 http://secunia.com/advisories/25267 http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm http://www.mandriva.com/security/advisories?name=MDKSA-2006:090 http://www.redhat.com/support/errata/RHSA-2007-0431.html ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://www.securitytracker.com/id?1018221 http://secunia.com/advisories/25629 http://secunia.com/advisories/25894 http://secunia.com/advisories/25896 http://secunia.com/advisories/26909 http://secunia.com/advisories/27706 http://www.kb.cert.org/vuls/id/312692 http://www.vupen.com/english/advisories/2006/2006 http://www.vupen.com/english/advisories/2007/3229 https://exchange.xforce.ibmcloud.com/vulnerabilities/26958 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10807 http://www.securityfocus.com/archive/1/468336/100/0/threaded https://nvd.nist.gov https://www.kb.cert.org/vuls/id/312692

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook