CVE-2006-1174

CWE-264 · 9 documents · 7 sources
Severity: 3.7 LOW
EPSS: 0.1% (top 73.36%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 28
Latest update: May 3

Description

useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.

CVSS vector

AV:L/AC:H/C:P/I:P/A:P
Exploitability: 1.9 | Impact: 6.4

Affected Packages (2 packages)

Debian: shadow < 1:4.0.15-10+3
NVD: debian/shadow 4.0.7+7

🔴 Vulnerability Details (3)

GHSA: GHSA-2fgw-2v2m-w7mc: useradd in shadow-utils before 4 (2022-05-03)
CVEList: CVE-2006-1174: useradd in shadow-utils before 4 (2006-05-28)
OSV: CVE-2006-1174: useradd in shadow-utils before 4 (2006-05-28)

📋 Vendor Advisories (2)

Debian: CVE-2006-1174: shadow - useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, ... (2006)
Red Hat: security flaw (2005-02-23)

💬 Community (3)

Bugzilla: CVE-2006-1174 security flaw (2018-08-16)
Bugzilla: CVE-2006-1174 shadow-utils mailbox creation race condition (2007-02-19)
Bugzilla: CVE-2006-1174 shadow-utils mailbox creation race condition (2006-05-24)