Vulnerability Description
A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Linux | 7.2 |
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418Vendor Advisory
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:026
- http://www.redhat.com/support/errata/RHSA-2003-057.html
- http://www.redhat.com/support/errata/RHSA-2003-058.html
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418Vendor Advisory
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:026
- http://www.redhat.com/support/errata/RHSA-2003-057.html
- http://www.redhat.com/support/errata/RHSA-2003-058.html
FAQ
What is CVE-2002-1509?
CVE-2002-1509 is a vulnerability with a CVSS score of 3.6 (LOW). A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to r...
How severe is CVE-2002-1509?
CVE-2002-1509 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1509?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Linux.