GLSA Bodhisattva
Joined: 17 Apr 2002 Posts: 2602 Location: Baltimore, MD
|
Posted: Fri Feb 25, 2005 10:46 pm Post subject: [ GLSA 200502-30 ] cmd5checkpw: Local password leak vulnerab |
|
|
Gentoo Linux Security Advisory
Title: cmd5checkpw: Local password leak vulnerability (GLSA 200502-30)
Severity: low
Exploitable: local
Date: February 25, 2005
Updated: May 22, 2006
Bug(s): #78256
ID: 200502-30
Synopsis
cmd5checkpw contains a flaw allowing local users to access other users
cmd5checkpw passwords.
Background
cmd5checkpw is a checkpassword compatible authentication program that
uses CRAM-MD5 authentication mode.
Affected Packages
Package: net-mail/cmd5checkpw
Vulnerable: <= 0.22-r1
Unaffected: >= 0.22-r2
Architectures: All supported architectures
Description
Florian Westphal discovered that cmd5checkpw is installed setuid
cmd5checkpw but does not drop privileges before calling execvp(), so
the invoked program retains the cmd5checkpw euid.
Impact
Local users that know at least one valid /etc/poppasswd user/password
combination can read the /etc/poppasswd file.
Workaround
There is no known workaround at this time.
Resolution
All cmd5checkpw users should upgrade to the latest available version:
Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/cmd5checkpw-0.22-r2" |
References
CVE-2005-0580
Last edited by GLSA on Wed Dec 31, 2014 4:19 am; edited 4 times in total |
|