Chetcpasswd Security Vulnerabilities and Issues — Chetcpasswd CVE List

Lucene search

ChetcpasswdChetcpasswd

6 matches found

CVE•added 2006/12/21 7:0 p.m.•39 views

CVE-2002-2219

chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows remote attackers to read the last line of the shadow file via a long user (userid) field.

7.5CVSS6.5AI score0.08811EPSS

CVE•added 2006/12/19 8:28 p.m.•37 views

CVE-2006-6639

Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local users to gain privileges via unspecified vectors related to executing (1) the cp program, (2) the mail program, or (3) the program specified in the post_change configuration line.

4.6CVSS6.7AI score0.00061EPSS

CVE•added 2006/12/21 7:28 p.m.•37 views

CVE-2006-6680

Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file.

4.6CVSS6.5AI score0.00044EPSS

CVE•added 2006/12/21 7:0 p.m.•33 views

CVE-2002-2221

Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd 2.4.1 and earlier allows local users to gain privileges via a modified PATH that references a malicious cp binary. NOTE: this issue might overlap CVE-2006-6639.

6.2CVSS6.9AI score0.00061EPSS

CVE•added 2006/12/21 7:28 p.m.•32 views

CVE-2006-6681

Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for client requests, which might allow remote attackers to determine passwords via a dictionary attack.

7.5CVSS7AI score0.00877EPSS

CVE•added 2006/12/21 7:0 p.m.•29 views

CVE-2002-2220

Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when configured for access from 0.0.0.0, allows local users to gain privileges via unspecified vectors.

6.2CVSS7.2AI score0.00049EPSS