Koblinger Egmont

Name of the Vulnerable Software and Affected Versions: shadow-utils versions prior to 4.0.8 shadow-utils version 4.0.3 Description: The issue concerns a problem with the `useradd` function in shadow-utils, where it does not provide a required argument to the `open` function when creating a new user mailbox. This causes the mailbox to be created with unpredictable permissions, which may allow attackers to read or modify the mailbox. The exploitation of this issue can be done locally and may lead to a breach of confidentiality, integrity, and availability of protected information. Recommendations: For shadow-utils versions prior to 4.0.8, update to version 4.0.8 or later to resolve the issue. For shadow-utils version 4.0.3, update to version 4.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the `useradd` function in shadow-utils until a patch is available.