CVE-2005-0580 - Local Security vulnerability in Cmd5Checkpw 0.20/0.21/0.22
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200502-30.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200502-30 (cmd5checkpw: Local password leak vulnerability) Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp(), so the invoked program retains the cmd5checkpw euid. Impact : Local users that know at least one valid /etc/poppasswd user/password combination can read the /etc/poppasswd file. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 17233 |
published | 2005-03-01 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/17233 |
title | GLSA-200502-30 : cmd5checkpw: Local password leak vulnerability |