Vulnerabilities > CVE-2004-2396
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN nessus
Summary
passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 10 |
Nessus
| NASL family | Mandriva Local Security Checks |
| NASL id | MANDRAKE_MDKSA-2004-045.NASL |
| description | Steve Grubb found some problems in the passwd program. Passwords given to passwd via stdin are one character shorter than they are supposed to be. He also discovered that pam may not have been sufficiently initialized to ensure safe and proper operation. A few small memory leaks have been fixed as well. The updated packages are patched to correct these problems. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 14144 |
| published | 2004-07-31 |
| reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/14144 |
| title | Mandrake Linux Security Advisory : passwd (MDKSA-2004:045) |
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:045
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:045
- http://www.securityfocus.com/bid/10370
- http://www.securityfocus.com/bid/10370
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16179
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16179