Shadow-Utils 'useradd' Local Insecure Permissions Vulnerability

Bugtraq ID: 18111
Class: Race Condition Error
CVE: CVE-2006-1174
Remote: No
Local: Yes
Published: May 24 2006 12:00AM
Updated: Dec 18 2007 08:04PM
Credit: Koblinger Egmont <egmont@uhulinux.hu> discovered this issue.
Vulnerable: VMWare ESX Server 3.0.2
VMWare ESX Server 3.0.1
VMWare ESX Server 3.0
shadow shadow 4.0.8
shadow shadow 4.0.3
SGI ProPack 3.0 SP6
rPath rPath Linux 1
Redhat Enterprise Linux WS 4
Redhat Enterprise Linux WS 3
Redhat Enterprise Linux ES 4
Redhat Enterprise Linux ES 3
Redhat Enterprise Linux AS 4
Redhat Enterprise Linux AS 3
Redhat Desktop 4.0
Redhat Desktop 3.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Gentoo Linux
Avaya SES 3.1.1
Avaya Messaging Storage Server MSS 3.0
Avaya Message Networking MN 3.1
Avaya EMMC 1.021
Avaya EMMC 1.017
Avaya EMMC 0
Avaya Communication Manager 2.0.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
+ Avaya Communication Manager Server S8700
Avaya Communication Manager 2.0
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
+ Avaya Communication Manager Server S8700
Avaya Communication Manager 4.0
Avaya Communication Manager 3.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Communication Manager 3.0
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
+ Avaya Communication Manager Server S8700
Avaya CCS 3.1.1
Avaya Aura Application Enablement Services 3.1.3
Avaya Aura Application Enablement Services 3.0
Avaya AES 4.0
Avaya AES 3.1
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus