CVE-2006-1174 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-1174
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-1174

Description: useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26958 ST 1018221 SGI SAID Secunia Advisory: SA26909 Secunia Advisory: SA25896 Secunia Advisory: SA25894 Secunia Advisory: SA25629 Secunia Advisory: SA25267 Secunia Advisory: SA25098 Secunia Advisory: SA20506 Secunia Advisory: SA20370 Secunia Advisory: SA27706 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0431.html http://www.redhat.com/support/errata/RHSA-2007-0276.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:090 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm http://cvs.pld.org.pl/shadow/NEWS?rev=1.109 CERT-VN 312692 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/468336/100/0/threaded BID 18111

Return to the previous page.