The Shadow Utilities contain a vulnerability that may result in new user mailboxes having arbitrary permissions.
The Shadow Utilities provide tools to manage user accounts.
When a new mailbox is created using the useradd utility, the open() function does not receive the expected arguments while O_CREAT is present. The result of this error is that random permissions are applied to the new mailbox.
A local, unprivileged attacker may be able to gain access to newly created mailbox files.
Affected vendors have released updates to address this issue. Users are encouraged to see the Systems Affected portion of this document for a partial list of affected vendors.
This document was written by Jeff Gennari.
|Date First Published:||2007-12-14|
|Date Last Updated:||2007-12-14 16:35 UTC|