Vulnerabilities > CVE-2004-2395 - Unspecified vulnerability in Mandrakesoft products

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

local

low complexity

mandrakesoft

nessus

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.

Vulnerable Configurations

Part	Description	Count
Application	Mandrakesoft Mandrakesoft Mandrake Multi Network Firewall 8.2	1
OS	Mandrakesoft Mandrakesoft Mandrake Linux 8.2 Mandrakesoft Mandrake Linux 9.0 Mandrakesoft Mandrake Linux 9.1 Mandrakesoft Mandrake Linux 9.2 Mandrakesoft Mandrake Linux 10.0 Mandrakesoft Mandrake Linux Corporate Server 2.1	10

Nessus

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2004-045.NASL
description	Steve Grubb found some problems in the passwd program. Passwords given to passwd via stdin are one character shorter than they are supposed to be. He also discovered that pam may not have been sufficiently initialized to ensure safe and proper operation. A few small memory leaks have been fixed as well. The updated packages are patched to correct these problems.
last seen	2020-06-01
modified	2020-06-02
plugin id	14144
published	2004-07-31
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14144
title	Mandrake Linux Security Advisory : passwd (MDKSA-2004:045)

Summary

Vulnerable Configurations

Nessus

References