2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.2%
cmd5checkpw is a checkpassword compatible authentication program that uses CRAM-MD5 authentication mode.
Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp(), so the invoked program retains the cmd5checkpw euid.
Local users that know at least one valid /etc/poppasswd user/password combination can read the /etc/poppasswd file.
There is no known workaround at this time.
All cmd5checkpw users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/cmd5checkpw-0.22-r2"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | net-mail/cmd5checkpw | <= 0.22-r1 | UNKNOWN |