Posted: Fri Feb 25, 2005 10:46 pm Post subject: [ GLSA 200502-30 ] cmd5checkpw: Local password leak vulnerab
Gentoo Linux Security Advisory
Title: cmd5checkpw: Local password leak vulnerability (GLSA 200502-30)
Date: February 25, 2005
Updated: May 22, 2006
cmd5checkpw contains a flaw allowing local users to access other users' cmd5checkpw passwords.
cmd5checkpw is a checkpassword-compatible authentication program that uses CRAM-MD5 authentication mode.
Vulnerable: <= 0.22-r1
Unaffected: >= 0.22-r2
Architectures: All supported architectures
Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp(), so the invoked program retains the cmd5checkpw euid.
Local users who know at least one valid /etc/poppasswd user/password combination can read the /etc/poppasswd file.
There is no known workaround at this time.
All cmd5checkpw users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/cmd5checkpw-0.22-r2"
Last edited by GLSA on Mon May 22, 2006 4:18 am; edited 2 times in total
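
The flaw described in this advisory comes down to the order of two operations in a setuid helper: the privileges must be given up before execvp(), not inherited by the invoked program. The C program below is an added example, not cmd5checkpw's code or the Gentoo patch; the function names drop_privileges and exec_unprivileged are hypothetical. It drops the set-id user and group, verifies that the drop cannot be undone, and only then hands off to the next program.

```c
/* Added example: constructed helper, not taken from cmd5checkpw. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up set-id privileges. Returns 0 on success, -1 on failure.
 * The group goes first: once the uid is dropped, changing the gid may be refused. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Setting real and effective ids together also resets the saved ids. */
    if (setregid(rgid, rgid) != 0) return -1;
    if (setreuid(ruid, ruid) != 0) return -1;

    /* Verify the drop took effect. */
    if (geteuid() != ruid || getegid() != rgid) return -1;

    /* Verify it cannot be undone (root may always switch ids, so skip for uid 0). */
    if (ruid != 0) {
        if (old_euid != ruid && seteuid(old_euid) == 0) return -1;
        if (old_egid != rgid && setegid(old_egid) == 0) return -1;
    }
    return 0;
}

/* Hardened hand-off: drop first, exec second. Returns only on failure.
 * The vulnerable pattern is the same function without the drop_privileges() call. */
int exec_unprivileged(char *const argv[])
{
    if (drop_privileges() != 0) return -1;  /* fail closed: never exec with the set-id euid */
    execvp(argv[0], argv);
    return -1;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s prog [args...]\n", argv[0]);
        return 2;
    }
    exec_unprivileged(argv + 1);
    perror("exec_unprivileged");
    return EXIT_FAILURE;
}
```

Run from a setuid copy with `id` as the argument, the invoked program should report the caller's own uid as its effective uid.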