Total vulnerabilities in the database
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.
| Software | From | Fixed in |
|---|---|---|
| debian / shadow | 4.0.0 | 4.0.0.x |
| debian / shadow | 4.0.1 | 4.0.1.x |
| debian / shadow | 4.0.2 | 4.0.2.x |
| debian / shadow | 4.0.4 | 4.0.4.x |
| debian / shadow | 4.0.4.1 | 4.0.4.1.x |
| debian / shadow | 4.0.5 | 4.0.5.x |
| debian / shadow | 4.0.6 | 4.0.6.x |
| debian / shadow | - | 4.0.7.x |