Shadow useradd.c Mailbox Permission Weakness

2006-02-23T10:20:05
ID OSVDB:25848
Type osvdb
Reporter OSVDB
Modified 2006-02-23T10:20:05

Description

Solution Description

Upgrade to version 4.0.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://shadow.pld.org.pl/ Vendor Specific News/Changelog Entry: http://cvs.pld.org.pl/shadow/NEWS?rev=1.109 Secunia Advisory ID:20506 Secunia Advisory ID:25629 Secunia Advisory ID:25896 Secunia Advisory ID:25894 Secunia Advisory ID:26909 Secunia Advisory ID:27706 Secunia Advisory ID:20370 Secunia Advisory ID:25098 Secunia Advisory ID:25267 RedHat RHSA: RHSA-2007:0203 RedHat RHSA: RHSA-2007:0431 Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc Other Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm Other Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-May/000186.html Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200711-23.xml Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml FrSIRT Advisory: ADV-2006-2006 CVE-2006-1174 Bugtraq ID: 18111