CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
EPSS
Percentile
24.8%
Updated shadow-utils packages are now available. These updated packages correct a bug that caused the useradd tool to create mail spools with incorrect permissions.
The shadow-utils package includes programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. One of these programs is useradd, which is used to create or update new user information.
When creating a user account, the version of useradd included in Red Hat packages creates a mail spool file with incorrectly-set group ownership. Instead of setting the file’s group ownership to the ‘mail’ group, it is set to the user’s primary group.
On systems where other users share the same primary group, this would allow those users to be able to read and write other user mailboxes.
These errata packages contain an updated patch to useradd. Where a mail group exists, mailboxes will be created with group mail having read and write permissions. Otherwise the mailbox will be created without group read and write permissions.
All users are advised to upgrade to these updated packages and also to check the /var/spool/mail directory to ensure that mailboxes have correct permissions.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2003:058. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(12366);
script_version("1.24");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2002-1509");
script_xref(name:"RHSA", value:"2003:058");
script_name(english:"RHEL 2.1 : shadow-utils (RHSA-2003:058)");
script_summary(english:"Checks the rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Updated shadow-utils packages are now available. These updated
packages correct a bug that caused the useradd tool to create mail
spools with incorrect permissions.
The shadow-utils package includes programs for converting UNIX
password files to the shadow password format, plus programs for
managing user and group accounts. One of these programs is useradd,
which is used to create or update new user information.
When creating a user account, the version of useradd included in Red
Hat packages creates a mail spool file with incorrectly-set group
ownership. Instead of setting the file's group ownership to the 'mail'
group, it is set to the user's primary group.
On systems where other users share the same primary group, this would
allow those users to be able to read and write other user mailboxes.
These errata packages contain an updated patch to useradd. Where a
mail group exists, mailboxes will be created with group mail having
read and write permissions. Otherwise the mailbox will be created
without group read and write permissions.
All users are advised to upgrade to these updated packages and also to
check the /var/spool/mail directory to ensure that mailboxes have
correct permissions."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2002-1509"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2003:058"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected shadow-utils package."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:shadow-utils");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/03");
script_set_attribute(attribute:"patch_publication_date", value:"2003/02/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2003:058";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"shadow-utils-20000902-9.7")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "shadow-utils");
}
}