Access Restriction Bypass Affecting shadow package, versions <1:4.0.15-10
- Snyk ID SNYK-DEBIAN10-SHADOW-306258
- published 28 May 2006
- disclosed 28 May 2006
- Introduced: 28 May 2006
- CVE-2006-1174

How to fix?
Upgrade Debian:10 shadow to version 1:4.0.15-10 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Debian:10. See How to fix? for Debian:10 relevant fixed versions and status.
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.
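The missing-argument pattern described above, next to a form that sets the mode explicitly, as an added example (not code from shadow-utils or from this advisory). The function names, the 0600 mode and the /tmp path are assumptions chosen for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Flawed pattern from the description (kept as a comment on purpose):
 *     fd = open(path, O_CREAT | O_WRONLY | O_TRUNC);
 * With O_CREAT, open() takes the file mode from a third argument. When it
 * is omitted, the mode is whatever value happens to sit in that argument
 * slot, so the new mailbox gets unpredictable permissions. */

/* Hypothetical helper: create a mailbox with a fixed mode.
 * Returns 0 on success, -1 on error (errno set). */
int create_mailbox(const char *path, mode_t mode)
{
    /* O_EXCL fails if the path already exists, symlinks included. */
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, mode);
    if (fd < 0)
        return -1;
    /* fchmod on the descriptor makes the result independent of umask. */
    if (fchmod(fd, mode) != 0) {
        int saved = errno;
        close(fd);
        unlink(path);
        errno = saved;
        return -1;
    }
    return close(fd);
}

/* Hypothetical audit helper: permission bits set on path that are not in
 * `allowed`. 0 means nothing extra; -1 means error or not a regular file. */
int mailbox_excess_perms(const char *path, mode_t allowed)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    return (int)(st.st_mode & 07777 & ~allowed);
}

int main(void)
{
    const char *path = "/tmp/example_mailbox"; /* constructed sample path */
    unlink(path);
    if (create_mailbox(path, 0600) != 0) { perror("create_mailbox"); return 1; }
    printf("excess bits: %o\n", (unsigned)mailbox_excess_perms(path, 0600));
    return unlink(path);
}
```

The audit helper can be run over existing mailbox files to find ones created with broader permissions than intended.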