3.7

CVE-2006-1174

useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianShadow Version <= 4.0.7
DebianShadow Version4.0.0
DebianShadow Version4.0.1
DebianShadow Version4.0.2
DebianShadow Version4.0.4
DebianShadow Version4.0.4.1
DebianShadow Version4.0.5
DebianShadow Version4.0.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.353
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.7 1.9 6.4
AV:L/AC:H/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
http://secunia.com/advisories/25894
Vendor Advisory
http://secunia.com/advisories/26909
Vendor Advisory
http://secunia.com/advisories/27706
Vendor Advisory
http://www.vupen.com/english/advisories/2007/3229
Vendor Advisory
http://secunia.com/advisories/25098
Vendor Advisory
http://cvs.pld.org.pl/shadow/NEWS?rev=1.109
http://secunia.com/advisories/20370
Patch
Vendor Advisory
http://secunia.com/advisories/20506
Vendor Advisory
http://secunia.com/advisories/25267
Vendor Advisory
http://secunia.com/advisories/25629
Vendor Advisory
http://secunia.com/advisories/25896
Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm
http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml
http://www.kb.cert.org/vuls/id/312692
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:090
http://www.redhat.com/support/errata/RHSA-2007-0276.html
http://www.redhat.com/support/errata/RHSA-2007-0431.html
http://www.securityfocus.com/archive/1/468336/100/0/threaded
http://www.securityfocus.com/bid/18111
Patch
http://www.securitytracker.com/id?1018221
http://www.vupen.com/english/advisories/2006/2006
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26958
https://issues.rpath.com/browse/RPL-1357
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10807