{"vuid":"VU#424080","idnumber":"424080","name":"shadow-utils useradd creates temporary files insecurely","keywords":["shadow-utils","useradd","race","symlink","temporary","tmp","/etc/default"],"overview":"Shadow-utils is an encryption and account management package freely distributed for many Linux implementations. The useradd program in this package creates insecure temporary files with predictable names in a write-protected directory. If this directory is changed to be writable, an attacker may be able to use a symbolic link attack to overwrite arbitrary files.","clean_desc":"The useradd program calls the passwd program, which stores temporary files with predictable names in /etc/default, a protected directory. The program does not check for prior existence or ownership of these files. Useradd normally runs with setuid root privileges.","impact":"If /etc/default is changed to be world-writable, an attacker may be able to create a symbolic link with predictable name, and point it to any writable file on the system. This may cause corruption of the file.","resolution":"Apply vendor patches; see the Systems Affected section below.","workarounds":"Change /etc/default to not be world-writable.","sysaffected":"","thanks":"This vulnerability was first reported by Greg Kroah-Hartman","author":"This document was last modified by Tim Shimeall.","public":["http://www.securityfocus.com/bid/2196","http://www.linux-mandrake.com/en/updates/2001/MDKSA-2001-007.php3?dis=7.2","http://www.linuxsecurity.com/advisories/other_advisory-1034.html"],"cveids":["CVE-2001-0120"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-01-12T18:21:51Z","publicdate":"2001-01-10T00:00:00Z","datefirstpublished":"2001-11-08T18:19:36Z","dateupdated":"2001-11-08T18:19:43Z","revision":10,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"10","cam_impact":"8","cam_easeofexploitation":"1","cam_attackeraccessrequired":"10","cam_scorecurrent":"0.3","cam_scorecurrentwidelyknown":"0.375","cam_scorecurrentwidelyknownexploited":"0.675","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.3,"vulnote":null}