|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Red Hat Local Security Checks >> RHSA-2003-058: shadow Vulnerability Assessment Details
|
RHSA-2003-058: shadow |
||
Check for the version of the shadow packages Detailed Explanation for this Vulnerability Assessment Updated shadow-utils packages are now available. These updated packages correct a bug that caused the useradd tool to create mail spools with incorrect permissions. The shadow-utils package includes programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. One of these programs is useradd, which is used to create or update new user information. When creating a user account, the version of useradd included in Red Hat packages creates a mail spool file with incorrectly-set group ownership. Instead of setting the file's group ownership to the "mail" group, it is set to the user's primary group. On systems where other users share the same primary group, this would permit those users to be able to read and write other user mailboxes. These errata packages contain an updated patch to useradd. Where a mail group exists, mailboxes will be created with group mail having read and write permissions. Otherwise the mailbox will be created without group read and write permissions. All users are advised to upgrade to these updated packages and also to check the /var/spool/mail directory to ensure that mailboxes have correct permissions. Solution : http://rhn.redhat.com/errata/RHSA-2003-058.html Network Security Threat Level: High Networks Security ID: Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security |
||
Cables, Connectors |
Cisco SF350-08 8-Port Managed 10/100 Switch SF350-08-K9-NA
$164.00
Cisco Meraki MA-SFP-1GB-SX 1000BASE-SX SFP Transceiver Module
$24.99
Cisco GLC-FE-100FX-RGD 100BASE-FX SFP Transceiver Module
$17.99
Cisco GLC-GE-100FX 100BASE-FX SGMII SFP, 1310nm, 2km, LC, MMF
$83.99
Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver Module 10-2415-03
$8.00
SFP-10G-SR Original Cisco 10GBASE-SR SFP+ V02 Multi mode Transceiver 10-2415-02
$5.00
Brand New Cisco GLC-LH-SMD 1000BASE-LX/LH SFP Module 1310nm 10km SMF LC
$13.89
Lot of 10 - HP 10Gb SR SFP+ Transceiver 455883-B21 455885-001 456096-001 850nm
$23.99
LOT OF 20 Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver Module
$89.00
SFP-10G-SR V03 Original CISCO 10-2415-03 850nm 10GBASE-SR SFP+ Multi mode Module
$6.80
|
||
No Discussions have been posted on this vulnerability. |