CVE-2006-1174
Gravedad CVSS v2.0:
BAJA
Tipo:
CWE-264
Permisos, privilegios y/o control de acceso
Fecha de publicación:
28/05/2006
Última modificación:
03/04/2025
Descripción
*** Pendiente de traducción *** useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.
Impacto
Puntuación base 2.0
3.70
Gravedad 2.0
BAJA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:debian:shadow:*:*:*:*:*:*:*:* | 4.0.7 (incluyendo) | |
| cpe:2.3:a:debian:shadow:4.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:shadow:4.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:shadow:4.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:shadow:4.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:shadow:4.0.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:shadow:4.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:shadow:4.0.6:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
- http://cvs.pld.org.pl/shadow/NEWS?rev=1.109
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
- http://secunia.com/advisories/20370
- http://secunia.com/advisories/20506
- http://secunia.com/advisories/25098
- http://secunia.com/advisories/25267
- http://secunia.com/advisories/25629
- http://secunia.com/advisories/25894
- http://secunia.com/advisories/25896
- http://secunia.com/advisories/26909
- http://secunia.com/advisories/27706
- http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm
- http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml
- http://www.kb.cert.org/vuls/id/312692
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A090
- http://www.redhat.com/support/errata/RHSA-2007-0276.html
- http://www.redhat.com/support/errata/RHSA-2007-0431.html
- http://www.securityfocus.com/archive/1/468336/100/0/threaded
- http://www.securityfocus.com/bid/18111
- http://www.securitytracker.com/id?1018221=
- http://www.vupen.com/english/advisories/2006/2006
- http://www.vupen.com/english/advisories/2007/3229
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26958
- https://issues.rpath.com/browse/RPL-1357
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10807
- ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
- http://cvs.pld.org.pl/shadow/NEWS?rev=1.109
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
- http://secunia.com/advisories/20370
- http://secunia.com/advisories/20506
- http://secunia.com/advisories/25098
- http://secunia.com/advisories/25267
- http://secunia.com/advisories/25629
- http://secunia.com/advisories/25894
- http://secunia.com/advisories/25896
- http://secunia.com/advisories/26909
- http://secunia.com/advisories/27706
- http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm
- http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml
- http://www.kb.cert.org/vuls/id/312692
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A090
- http://www.redhat.com/support/errata/RHSA-2007-0276.html
- http://www.redhat.com/support/errata/RHSA-2007-0431.html
- http://www.securityfocus.com/archive/1/468336/100/0/threaded
- http://www.securityfocus.com/bid/18111
- http://www.securitytracker.com/id?1018221=
- http://www.vupen.com/english/advisories/2006/2006
- http://www.vupen.com/english/advisories/2007/3229
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26958
- https://issues.rpath.com/browse/RPL-1357
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10807