Mandrake Linux Security Advisory : shadow-utils (MDKSA-2003:026)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

The shadow-utils package contains the tool useradd, which is used to
create or update new user information. When useradd creates an
account, it would create it with improper permissions; instead of
having it owned by the group mail, it would be owned by the user's
primary group. If this is a shared group (ie. 'users'), then all
members of the shared group would be able to obtain access to the mail
spools of other members of the same group. A patch to useradd has been
applied to correct this problem.

Solution :

Update the affected shadow-utils package.

Risk factor :

Low / CVSS Base Score : 3.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14010 (mandrake_MDKSA-2003-026.nasl)

Bugtraq ID:

CVE ID: CVE-2002-1509

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now