Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-1174

Disclosure Date: May 28, 2006
CVE-2006-1174
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • debian

Products

  • shadow,
  • shadow 4.0.0,
  • shadow 4.0.1,
  • shadow 4.0.2,
  • shadow 4.0.4,
  • shadow 4.0.4.1,
  • shadow 4.0.5,
  • shadow 4.0.6

References

Canonical
CVE-2006-1174 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1174)
BID-18111 (http://www.securityfocus.com/bid/18111)
Advisory
20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player (http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html)
SECUNIA-25098 (http://secunia.com/advisories/25098)
SECUNIA-25894 (http://secunia.com/advisories/25894)
http://www.redhat.com/support/errata/RHSA-2007-0431.html
ADV-2007-3229 (http://www.vupen.com/english/advisories/2007/3229)
SECUNIA-25267 (http://secunia.com/advisories/25267)
http://www.redhat.com/support/errata/RHSA-2007-0276.html
http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm
SECTRACK-1018221 (http://www.securitytracker.com/id?1018221)
SECUNIA-25629 (http://secunia.com/advisories/25629)
http://cvs.pld.org.pl/shadow/NEWS?rev=1.109
XF-shadow-utils-useradd-file-permission(26958) (https://exchange.xforce.ibmcloud.com/vulnerabilities/26958)
VU#312692 (http://www.kb.cert.org/vuls/id/312692)
GLSA-200606-02 (http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml)
SECUNIA-25896 (http://secunia.com/advisories/25896)
20070511 rPSA-2007-0096-1 shadow (http://www.securityfocus.com/archive/1/468336/100/0/threaded)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:090
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10807
SECUNIA-26909 (http://secunia.com/advisories/26909)
SECUNIA-27706 (http://secunia.com/advisories/27706)
ADV-2006-2006 (http://www.vupen.com/english/advisories/2006/2006)
https://issues.rpath.com/browse/RPL-1357
SECUNIA-20506 (http://secunia.com/advisories/20506)
SECUNIA-20370 (http://secunia.com/advisories/20370)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis