4 matches found
CVE-2005-0580
cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file...
GLSA-200502-30 : cmd5checkpw: Local password leak vulnerability
The remote host is affected by the vulnerability described in GLSA-200502-30 cmd5checkpw: Local password leak vulnerability Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp, so the invoked program retains the cmd5check...
[ GLSA 200502-30 ] cmd5checkpw: Local password leak vulnerability
Gentoo Linux Security Advisory GLSA 200502-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
cmd5checkpw: Local password leak vulnerability
Background cmd5checkpw is a checkpassword compatible authentication program that uses CRAM-MD5 authentication mode. Description Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp, so the invoked program retains the...