Vulnerabilities > CVE-2004-2396

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

mandrakesoft

nessus

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM.

Vulnerable Configurations

Part	Description	Count
Application	Mandrakesoft Mandrakesoft Mandrake Multi Network Firewall 8.2	1
OS	Mandrakesoft Mandrakesoft Mandrake Linux 8.2 Mandrakesoft Mandrake Linux 9.0 Mandrakesoft Mandrake Linux 9.1 Mandrakesoft Mandrake Linux 9.2 Mandrakesoft Mandrake Linux 10.0 Mandrakesoft Mandrake Linux Corporate Server 2.1	10

Nessus

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2004-045.NASL
description	Steve Grubb found some problems in the passwd program. Passwords given to passwd via stdin are one character shorter than they are supposed to be. He also discovered that pam may not have been sufficiently initialized to ensure safe and proper operation. A few small memory leaks have been fixed as well. The updated packages are patched to correct these problems.
last seen	2020-06-01
modified	2020-06-02
plugin id	14144
published	2004-07-31
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14144
title	Mandrake Linux Security Advisory : passwd (MDKSA-2004:045)

Vulnerabilities > CVE-2004-2396 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2004-2396"}]}

Summary

Vulnerable Configurations

Nessus

References

Vulnerabilities > CVE-2004-2396