Vulnerability Details CVE-2002-1509
A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.8%
CVSS Severity
CVSS v2 Score 3.6
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:026
- http://www.redhat.com/support/errata/RHSA-2003-057.html
- http://www.redhat.com/support/errata/RHSA-2003-058.html
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:026
- http://www.redhat.com/support/errata/RHSA-2003-057.html
- http://www.redhat.com/support/errata/RHSA-2003-058.html