Mail Box Permissions Issue in Shadow-utils by Affects Shadow
CVE-2006-1174

Currently unrated

Key Information:

Vendor: Debian
Status: Shadow
Vendor: CVE Published:; 28 May 2006

Summary

The vulnerability in Shadow-utils allows the 'useradd' command to create user mailboxes without the necessary parameters set on the open function, resulting in unpredictable permissions. This negligence can lead to potential unauthorized access, enabling attackers to read or modify the created mailboxes, posing a significant risk to user data integrity and privacy. It is crucial for users of affected versions to upgrade to the latest to mitigate this risk.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2007-S...

mailing-listx_refsource_FULLDISC

http://secunia.com/advisories/25098

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/25894

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
May 28, 2006
Vulnerability Reserved
Mar 12, 2006