- Home
- CVEs with nessus.description==The remote host is affected by the vulnerability described in GLSA-200606-02 (shadow: Privilege escalation)
When the mailbox is created in useradd, the 'open()' function does not receive the three arguments it expects while O_CREAT is present, which leads to random permissions on the created file, before fchmod() is executed.
Impact :
Depending on the random permissions given to the mailbox file which is at this time owned by root, a local user may be able to open this file for reading or writing, or even executing it, maybe as the root user.
Workaround :
There is no known workaround at this time.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top