Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 3.7
CVE Id CVE-2006-1174
Last Modified 10 Mar 2011 12:00:00
Published 28 May 2006 07:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2006-1174

Summary

useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.

Vulnerable Systems

Application

  • Debian Shadow-utils 4.0.0

  • Debian Shadow-utils 4.0.1

  • Debian Shadow-utils 4.0.2

  • Debian Shadow-utils 4.0.4

  • Debian Shadow-utils 4.0.4.1

  • Debian Shadow-utils 4.0.5

  • Debian Shadow-utils 4.0.6

  • Debian Shadow-utils 4.0.7


References

CERT-VN - VU#312692

BID - 18111

SECUNIA - 20370

CONFIRM - https://issues.rpath.com/browse/RPL-1357

XF - shadow-utils-useradd-file-permission(26958)

VUPEN - ADV-2007-3229

VUPEN - ADV-2006-2006

SECTRACK - 1018221

BUGTRAQ - 20070511 rPSA-2007-0096-1 shadow

REDHAT - RHSA-2007:0431

REDHAT - RHSA-2007:0276

MANDRIVA - MDKSA-2006:090

GENTOO - GLSA-200606-02

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm

SECUNIA - 27706

SECUNIA - 26909

SECUNIA - 25896

SECUNIA - 25894

SECUNIA - 25629

SECUNIA - 25267

SECUNIA - 25098

SECUNIA - 20506

FULLDISC - 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

CONFIRM - http://cvs.pld.org.pl/shadow/NEWS?rev=1.109

SGI - 20070602-01-P


Last Updated: 27 May 2016 10:41:58