Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RedHat useradd邮箱存储文件权限设置漏洞
Vulnerability Description
shadow-utils工具包含了一些转换UNIX密码文件为shadow密码格式的文件,还有管理用户和组帐户的程序,其中之一就是useradd程序用于建立或更新新用户信息。 RedHat包含的useradd建立邮箱文件时设置权限不正确,本地攻击者可以利用这个漏洞读和写其他用户邮件文件。 当建议用户帐户时,RedHat Linux 7.2、7.3和8.0包含的useradd不正确设置邮箱文件组权限,本来应该设置此文件的组属组为'mail'组,而useradd设置为用户相关的组,因此如果攻击与其他用户同属一组
CVSS Information
N/A
Vulnerability Type
N/A