CVE-2006-1174: useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new…

low3.7CVSS 3.1

AVLACHAuNCPIPAP

useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.

Affected

13 ranges

Vendor	Product	Version range	Fixed in
debian	shadow	< shadow 1:4.0.15-10 (bookworm)	shadow 1:4.0.15-10 (bookworm)
debian	shadow	<= 4.0.7	—
debian	shadow	—	—
debian	shadow	—	—
debian	shadow	—	—
debian	shadow	—	—
debian	shadow	—	—
debian	shadow	—	—
debian	shadow	—	—
shadow_project	shadow	>= 0 < 1:4.0.15-10	1:4.0.15-10
shadow_project	shadow	>= 0 < 1:4.0.15-10	1:4.0.15-10
shadow_project	shadow	>= 0 < 1:4.0.15-10	1:4.0.15-10
shadow_project	shadow	>= 0 < 1:4.0.15-10	1:4.0.15-10

CVSS provenance

nvd3.7LOWAV:L/AC:H/Au:N/C:P/I:P/A:P

osv3.7LOW