Improper Preservation of Permissions
CVE-2001-0195
Summary
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-281 - Improper Preservation of Permissions
The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
References
Advisory Timeline
- Published