Vulnerabilities > CVE-2001-0195 - Improper Preservation of Permissions vulnerability in Debian Linux 2.2

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
debian
CWE-281
nessus

Summary

sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.

Vulnerable Configurations

Part Description Count
OS
Debian
1

Common Weakness Enumeration (CWE)

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-015.NASL
descriptionVersions of the sash package prior to 3.4-4 did not clone /etc/shadow properly, causing it to be made world-readable. This package only exists in stable, so if you are running unstable you won
last seen2020-06-01
modified2020-06-02
plugin id14852
published2004-09-29
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/14852
titleDebian DSA-015-1 : sash - broken maintainer script