CVE-2002-1509

A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email.

CVSS v2.0 3.6 LOW

3.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418	Vendor Advisory
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:026
http://www.redhat.com/support/errata/RHSA-2003-057.html
http://www.redhat.com/support/errata/RHSA-2003-058.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:redhat:linux:7.2:::::::*
	cpe:2.3:o:redhat:linux:7.3:::::::*
	cpe:2.3:o:redhat:linux:7.2::ia64:::::
	cpe:2.3:o:redhat:linux:8.0:::::::*

Information

Published : 2003-03-02 21:00

Updated : 2008-09-10 12:14

NVD link : CVE-2002-1509

Mitre link : CVE-2002-1509

JSON object : View

CWE

NVD-CWE-Other

Products Affected

redhat

linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418", "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:026", "name": "MDKSA-2003:026", "tags": [], "refsource": "MANDRAKE"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-057.html", "name": "RHSA-2003:057", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-058.html", "name": "RHSA-2003:058", "tags": [], "refsource": "REDHAT"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-1509", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-03-03T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-10T19:14Z"}

3.6 /10