0.22

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

krzysztof-dabrowski

nessus

NVD

Published: 2005-02-25

Updated: 2008-09-05

Summary

cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file.

Vulnerable Configurations

Part	Description	Count
Application	Krzysztof_Dabrowski Krzysztof Dabrowski Cmd5Checkpw 0.20 Krzysztof Dabrowski Cmd5Checkpw 0.21 Krzysztof Dabrowski Cmd5Checkpw 0.22	3

Nessus

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200502-30.NASL
description	The remote host is affected by the vulnerability described in GLSA-200502-30 (cmd5checkpw: Local password leak vulnerability) Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp(), so the invoked program retains the cmd5checkpw euid. Impact : Local users that know at least one valid /etc/poppasswd user/password combination can read the /etc/poppasswd file. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	17233
published	2005-03-01
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17233
title	GLSA-200502-30 : cmd5checkpw: Local password leak vulnerability

References

http://security.gentoo.org/glsa/glsa-200502-30.xml