4 matches found
CVE-2005-0580
cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file...
Gentoo Security Advisory GLSA 200502-30 (cmd5checkpw)
The remote host is missing updates announced in advisory GLSA 200502-30. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
CVE-2005-0580
CVE-2005-0580 affects cmd5checkpw, where the setuid program does not drop privileges before invoking execvp, enabling local users to read the /etc/poppasswd file. Connected sources (Gentoo GLSA 200502-30, Red Hat advisory, NVD/CVE entry, OpenVAS plugin) corroborate that the root cause is improper...
CVE-2005-0580
cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file...