Mandrake Linux Security Advisory : shadow-utils (MDKSA-2003:026)
Low Nessus Plugin ID 14010
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionThe shadow-utils package contains the tool useradd, which is used to create or update new user information. When useradd creates an account, it would create it with improper permissions; instead of having it owned by the group mail, it would be owned by the user's primary group. If this is a shared group (ie. 'users'), then all members of the shared group would be able to obtain access to the mail spools of other members of the same group. A patch to useradd has been applied to correct this problem.
SolutionUpdate the affected shadow-utils package.