MDKSA-2006:090 : shadow-utils

2006-05-2700:00:00

www.tenable.com

0.002 Low

EPSS

Percentile

51.2%

JSON

A potential security problem was found in the useradd tool when it creates a new user’s mailbox due to a missing argument to the open() call, resulting in the first permissions of the file being some random garbage found on the stack, which could possibly be held open for reading or writing before the proper fchmod() call is executed.

Packages have been patched to correct this issue.

#%NASL_MIN_LEVEL 999999

# @DEPRECATED@
#
# This script has been deprecated as the associated update is not
# for a supported release of Mandrake / Mandriva Linux.
#
# Disabled on 2012/09/06.
#

#
# (C) Tenable Network Security, Inc.
#
# This script was automatically generated from
# Mandrake Linux Security Advisory MDKSA-2006:090.
#

if (!defined_func("bn_random")) exit(0);

include("compat.inc");

if (description)
{
  script_id(21601);
  script_version ("1.11");
  script_cvs_date("Date: 2018/07/20  0:18:52");

  script_cve_id("CVE-2006-1174");

  script_name(english:"MDKSA-2006:090 : shadow-utils");
  script_summary(english:"Checks for patch(es) in 'rpm -qa' output");

  script_set_attribute(attribute:"synopsis", value: 
"The remote Mandrake host is missing one or more security-related
patches.");
  script_set_attribute(attribute:"description", value:
"A potential security problem was found in the useradd tool when it
creates a new user's mailbox due to a missing argument to the open()
call, resulting in the first permissions of the file being some
random garbage found on the stack, which could possibly be held open
for reading or writing before the proper fchmod() call is executed.

Packages have been patched to correct this issue.");
  script_set_attribute(attribute:"see_also", value:"http://www.mandriva.com/security/advisories?name=MDKSA-2006:090");
  script_set_attribute(attribute:"solution", value:"Update the affected package(s).");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/05/24");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux");
  script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"plugin_publication_date", value: "2006/05/27");
  script_end_attributes();
 
  script_category(ACT_GATHER_INFO);
  script_family(english:"Mandriva Local Security Checks");
 
  script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

# Deprecated.
exit(0, "The associated update is not currently for a supported release of Mandrake / Mandriva Linux.");


include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/Mandrake/release")) exit(0, "The host is not running Mandrake Linux.");
if (!get_kb_item("Host/Mandrake/rpm-list")) exit(1, "Could not get the list of packages.");

flag = 0;

if (rpm_check(reference:"shadow-utils-4.0.3-9.1.102mdk", release:"MDK10.2", cpu:"i386", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else 
{
  if (rpm_exists(rpm:"shadow-utils-", release:"MDK10.2"))
  {
    set_kb_item(name:"CVE-2006-1174", value:TRUE);
  }

  exit(0, "The host is not affected.");
}

VendorProductVersionCPE
mandrivalinuxcpe:/o:mandriva:linux

Vendor	Product	Version	CPE
mandriva	linux		cpe:/o:mandriva:linux

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1174

www.mandriva.com/security/advisories?name=MDKSA-2006:090

0.002 Low

EPSS

Percentile

51.2%

JSON

Related for MANDRAKE_MDKSA-2006-090.NASL