2.11D

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

andries-brouwer

NVD

Published: 2002-04-01

Updated: 2017-10-10

Summary

vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing.

Vulnerable Configurations

Part	Description	Count
Application	Andries_Brouwer Andries Brouwer Util Linux 2.10S Andries Brouwer Util Linux 2.11D	2

Redhat

advisories

rhsa
id RHSA-2001:095
rhsa
id RHSA-2001:132

References

http://www.redhat.com/support/errata/RHSA-2001-095.html
http://www.redhat.com/support/errata/RHSA-2001-132.html
http://www.securityfocus.com/bid/3036
https://exchange.xforce.ibmcloud.com/vulnerabilities/6851