Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:090: shadow-utils Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the shadow-utils package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:090 (shadow-utils).
A potential security problem was found in the useradd tool when it
creates a new user's mailbox due to a missing argument to the open()
call, resulting in the first permissions of the file being some random
garbage found on the stack, which could possibly be held open for
reading or writing before the proper fchmod() call is executed.
Packages have been patched to correct this issue.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:090
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.