aru Posted May 25, 2006 Report Share Posted May 25, 2006 Mandriva Advisories MDKSA-2006:090 : shadow-utils Updated shadow-utils packages fix mailbox creation vulnerability May 24th, 2006 A potential security problem was found in the useradd tool when it creates a new user's mailbox due to a missing argument to the open() call, resulting in the first permissions of the file being some random garbage found on the stack, which could possibly be held open for reading or writing before the proper fchmod() call is executed. Packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: CS3.0 MNF2.0 10.2 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:090 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1174 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts