CVE-2006-1174
Summary
| CVE | CVE-2006-1174 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-05-28 23:02:00 UTC |
| Updated | 2020-08-11 17:09:00 UTC |
| Description | useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Advisories - Mandriva Linux | MANDRIVA | www.mandriva.com | |
| 20070602-01-P | SGI | patches.sgi.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| SGI Advanced Linux Environment Multiple Updates - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| [Full-Disclosure] Mailing List Charter | FULLDISC | lists.grok.org.uk | |
| SecurityTracker.com Archives - shadow-utils 'useradd' Unsafe Mailbox Folder Permissions May Let Local Users Read/Write Mail | SECTRACK | www.securitytracker.com | |
| VMware ESX Server Multiple Security Updates - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Webmail - OVH | VUPEN | www.vupen.com | Vendor Advisory |
| Support | REDHAT | www.redhat.com | |
| Gentoo update for vmware - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| ASA-2007-249 (RHSA-2007-0276) | CONFIRM | support.avaya.com | |
| Support | REDHAT | www.redhat.com | |
| Error 404 (Not Found)!!1 | CONFIRM | cvs.pld.org.pl | |
| Avaya Products Shadow "useradd.c" Insecure Mailbox File Permissions - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Gentoo Linux Documentation -- shadow: Privilege escalation | GENTOO | www.gentoo.org | |
| Red Hat Update for Multiple Packages - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| US-CERT Vulnerability Note VU#312692 | CERT-VN | www.kb.cert.org | US Government Resource |
| Shadow "useradd.c" Insecure Mailbox File Permissions - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | Patch, Vendor Advisory |
| rPath update for shadow - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Red Hat update for shadow-utils - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Shadow-Utils 'useradd' Local Insecure Permissions Vulnerability | BID | www.securityfocus.com | Patch |
| issues.rpath.com/browse/RPL-1357 | CONFIRM | issues.rpath.com | |
| Gentoo update for shadow - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2007-09-06 | Mark J Cox | Red Hat is aware of this issue and is tracking it via the following bugs: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193053 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229194 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode. |
There are currently no legacy QID mappings associated with this CVE.