Lucene search

K
redhatRedHatRHSA-2007:0431
HistoryJun 11, 2007 - 1:45 p.m.

(RHSA-2007:0431) Low: shadow-utils security and bug fix update

2007-06-1113:45:45
access.redhat.com
10

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

51.2%

The shadow-utils package includes the necessary programs for converting
UNIX password files to the shadow password format, as well as programs
for managing user and group accounts.

A flaw was found in the useradd tool in shadow-utils. A new user’s
mailbox, when created, could have random permissions for a short period.
This could allow a local attacker to read or modify the mailbox.
(CVE-2006-1174)

This update also fixes the following bugs:

  • shadow-utils debuginfo package was empty.

  • chage.1 and chage -l gave incorrect information about sp_inact.

All users of shadow-utils are advised to upgrade to this updated
package, which contains backported patches to resolve these issues.

OSVersionArchitecturePackageVersionFilename
RedHatanyia64shadow-utils< 4.0.3-29.RHEL3shadow-utils-4.0.3-29.RHEL3.ia64.rpm

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

51.2%

Related for RHSA-2007:0431