Name of the Vulnerable Software and Affected Versions Mageia 4

Description An issue was identified where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable. This issue only affected new Mageia 4 installations, while systems updated from previous Mageia versions were not affected.

Recommendations For Mageia 4, ensure that the /etc/shadow and /etc/gshadow files are owned by the root user and shadow group, and are only readable by those two entities. As a temporary workaround, consider manually adjusting the permissions of these files to prevent unauthorized access until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.