Vulnerabilities > CVE-2002-1509 - Unspecified vulnerability in Redhat Linux 7.2/7.3/8.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 4 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-026.NASL description The shadow-utils package contains the tool useradd, which is used to create or update new user information. When useradd creates an account, it would create it with improper permissions; instead of having it owned by the group mail, it would be owned by the user last seen 2020-06-01 modified 2020-06-02 plugin id 14010 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14010 title Mandrake Linux Security Advisory : shadow-utils (MDKSA-2003:026) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-058.NASL description Updated shadow-utils packages are now available. These updated packages correct a bug that caused the useradd tool to create mail spools with incorrect permissions. The shadow-utils package includes programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. One of these programs is useradd, which is used to create or update new user information. When creating a user account, the version of useradd included in Red Hat packages creates a mail spool file with incorrectly-set group ownership. Instead of setting the file last seen 2020-06-01 modified 2020-06-02 plugin id 12366 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12366 title RHEL 2.1 : shadow-utils (RHSA-2003:058)
Redhat
| advisories |
|