useradd in shadow-utils prior to 4.0.3, and possibly other versions prior to 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows malicious users to read or modify the mailbox.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian shadow 4.0.6 |
||
debian shadow |
||
debian shadow 4.0.0 |
||
debian shadow 4.0.1 |
||
debian shadow 4.0.4.1 |
||
debian shadow 4.0.5 |
||
debian shadow 4.0.2 |
||
debian shadow 4.0.4 |