Upstream information
Description
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.SUSE information
Overall state of this security issue: Resolved
This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.
| CVSS detail | National Vulnerability Database |
|---|---|
| Base Score | 3.7 |
| Vector | AV:L/AC:H/Au:N/C:P/I:P/A:P |
| Access Vector | Local |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 01:54:15 2013CVE page last modified: Mon Oct 6 18:14:45 2025