PT-2003-1049 · Gnu · Shadow-Utils
Published: 2003-02-20 · Updated: 2008-09-10 · CVE-2002-1509
CVSS v2.0: 3.6 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
shadow-utils version 20000902
Description
Mail spool files are created with read/write privileges for the new user's group. As a result, other users in the same group can read or modify the new user's incoming email, which violates the confidentiality and integrity of protected information. The issue can only be exploited locally.
Recommendations
For shadow-utils version 20000902, consider changing the permissions of the mail spool files to prevent other users in the same group from reading or modifying the new user's incoming email. As a temporary workaround, restrict access to the mail spool files until a patch is available.
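One way to apply this recommendation is to audit the spool directory for mailboxes that are group-readable or group-writable and whose group is the owner's own primary group, then clear those bits. The following is an added example, not code from shadow-utils or from this advisory; the function names, the caller-supplied spool path and the constructed sample mailboxes (`alice`, `bob`) are assumptions.

```python
import os
import pwd
import stat
import tempfile


def passwd_primary_gid(uid):
    """Primary group of uid from the passwd database, or None if unknown."""
    try:
        return pwd.getpwuid(uid).pw_gid
    except KeyError:
        return None


def audit_spool(spool_dir, primary_gid=passwd_primary_gid):
    """Return [(name, mode)] for spool files exposed to the owner's group."""
    findings = []
    for entry in sorted(os.scandir(spool_dir), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        if not stat.S_ISREG(st.st_mode):
            continue  # only regular mailbox files are of interest
        group_rw = st.st_mode & (stat.S_IRGRP | stat.S_IWGRP)
        # Flag only when the file's group is the owner's own primary group
        if group_rw and st.st_gid == primary_gid(st.st_uid):
            findings.append((entry.name, stat.filemode(st.st_mode)))
    return findings


def restrict(path):
    """Clear group read/write; every other mode bit is preserved."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    os.chmod(path, mode & ~(stat.S_IRGRP | stat.S_IWGRP))


def demo():
    """Constructed sample spool: one exposed mailbox, one owner-only."""
    with tempfile.TemporaryDirectory() as spool:
        for name, mode in (("alice", 0o660), ("bob", 0o600)):
            path = os.path.join(spool, name)
            open(path, "w").close()
            os.chmod(path, mode)
        # Demo assumption: the files' group is their owner's primary group
        gid = os.stat(os.path.join(spool, "alice")).st_gid
        before = audit_spool(spool, primary_gid=lambda uid: gid)
        for name, _ in before:
            restrict(os.path.join(spool, name))
        after = audit_spool(spool, primary_gid=lambda uid: gid)
    return before, after
```

On a real host, call `audit_spool` with the system's actual spool directory and review the findings before running `restrict`, since a mailbox whose group is a dedicated mail-delivery group is intentionally not flagged.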
Fix
Related Identifiers
Affected Products
Shadow-Utils