Vulnerability Note VU#424080
shadow-utils useradd creates temporary files insecurely
Shadow-utils is an encryption and account management package freely distributed for many Linux implementations. The useradd program in this package creates insecure temporary files with predictable names in a write-protected directory. If this directory is changed to be writable, an attacker may be able to use a symbolic link attack to overwrite arbitrary files.
The useradd program calls the passwd program, which stores temporary files with predictable names in /etc/default, a protected directory. The program does not check for prior existence or ownership of these files. Useradd normally runs with setuid root privileges.
If /etc/default is changed to be world-writable, an attacker may be able to create a symbolic link with a predictable name and point it to any writable file on the system. This may cause corruption of the file.
Apply vendor patches; see the Systems Affected section below.
Change /etc/default to not be world-writable.
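The two conditions described above (a world-writable directory, and file creation that does not check for prior existence) can be checked and avoided as in the following added example, which is not code from shadow-utils or from any vendor patch. The function names, the scratch directory under /tmp and the file name "nuser.tmp" are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if dir is world-writable (the precondition in the note), 0 if not, -1 on error. */
int dir_world_writable(const char *dir)
{
    struct stat st;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
    return (st.st_mode & S_IWOTH) ? 1 : 0;
}

/* Create path only if nothing exists there yet. With O_CREAT, O_EXCL makes
 * open() fail on any existing name, including a symlink, so a link placed
 * in advance is never followed. O_NOFOLLOW is defence in depth. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a scratch directory: a symlink with a predictable
 * (hypothetical) name points at "victim". Returns 1 if the hardened open
 * refused the link and victim kept its 4 bytes, 0 otherwise. */
int demo_planted_link_refused(void)
{
    char dir[] = "/tmp/vu424080.XXXXXX", victim[64], tmp[64];
    struct stat st;
    if (!mkdtemp(dir)) return 0;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/nuser.tmp", dir);
    int v = open(victim, O_WRONLY | O_CREAT, 0600);
    if (v < 0 || write(v, "keep", 4) != 4 || symlink(victim, tmp) != 0) return 0;
    close(v);
    int fd = create_exclusive(tmp);
    int refused = (fd < 0);
    if (fd >= 0) close(fd);
    int intact = (stat(victim, &st) == 0 && st.st_size == 4);
    unlink(tmp); unlink(victim); rmdir(dir);
    return refused && intact;
}

int main(void)
{
    printf("/etc/default world-writable: %d, planted link refused: %d\n",
           dir_world_writable("/etc/default"), demo_planted_link_refused());
    return 0;
}
```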
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Immunix | Affected | 10 Jan 2001 | 04 Oct 2001 |
| MandrakeSoft | Affected | 10 Jan 2001 | 04 Oct 2001 |
| Caldera | Not Affected | 09 Oct 2001 | 29 Oct 2001 |
| Debian | Unknown | 09 Oct 2001 | 08 Nov 2001 |
| IBM | Unknown | 09 Oct 2001 | 08 Nov 2001 |
| Sequent | Unknown | 09 Oct 2001 | 08 Nov 2001 |
This vulnerability was first reported by Greg Kroah-Hartman.
This document was last modified by Tim Shimeall.
- CVE IDs: CAN-2001-0120
- Date Public: 10 Jan 2001
- Date First Published: 08 Nov 2001
- Date Last Updated: 08 Nov 2001
- Severity Metric: 0.30
- Document Revision: 10