← back
CVE-2006-1174

CVE-2006-1174

EPSS 0.4%
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.aschttp://cvs.pld.org.pl/shadow/NEWS?rev=1.109http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.htmlhttp://secunia.com/advisories/20370http://secunia.com/advisories/20506http://secunia.com/advisories/25098http://secunia.com/advisories/25267http://secunia.com/advisories/25629http://secunia.com/advisories/25894http://secunia.com/advisories/25896http://secunia.com/advisories/26909http://secunia.com/advisories/27706