Vulnerabilities > CVE-2004-2395 - Unspecified vulnerability in Mandrakesoft products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 10 |
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2004-045.NASL |
description | Steve Grubb found some problems in the passwd program. Passwords given to passwd via stdin are one character shorter than they are supposed to be. He also discovered that pam may not have been sufficiently initialized to ensure safe and proper operation. A few small memory leaks have been fixed as well. The updated packages are patched to correct these problems. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14144 |
published | 2004-07-31 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14144 |
title | Mandrake Linux Security Advisory : passwd (MDKSA-2004:045) |