{"vuid":"VU#312692","idnumber":"312692","name":"Shadow Utils useradd utility sets incorrect file permissions","keywords":["shadow-utils","useradd utility","temporary file permissions","EXP37-C"],"overview":"The Shadow Utilities contain a vulnerability that may result in new user mailboxes having arbitrary permissions.","clean_desc":"The Shadow Utilities provide tools to manage user accounts. When a new mailbox is created using the useradd utility, the open() function does not receive the expected arguments while O_CREAT is present. The result of this error is that random permissions are applied to the new mailbox.","impact":"A local, unprivileged attacker may be able to gain access to newly created mailbox files.","resolution":"Affected vendors have released updates to address this issue. Users are encouraged to see the Systems Affected portion of this document for a partial list of affected vendors.","workarounds":"","sysaffected":"","thanks":"","author":"This document was written by Jeff Gennari.","public":["http://linux.die.net/man/8/useradd","http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/s1-users-tools.html","http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml","http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/shadow-utils/shadow-4.0.4.1-owl-create-mailbox.diff?rev=HEAD","http://www.securityfocus.com/archive/1/archive/1/468336/100/0/threaded","https://www.securecoding.cert.org/confluence/x/VQBc"],"cveids":["CVE-2006-1174"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-10-14T19:37:18Z","publicdate":"2006-05-31T00:00:00Z","datefirstpublished":"2007-12-14T14:33:31Z","dateupdated":"2007-12-14T16:35:13Z","revision":27,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"15","cam_impact":"4","cam_easeofexploitation":"3","cam_attackeraccessrequired":"3","cam_scorecurrent":"0.232875","cam_scorecurrentwidelyknown":"0.232875","cam_scorecurrentwidelyknownexploited":"0.435375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.232875,"vulnote":null}