PT-2005-1628 · Unknown · Cmd5Checkpw

Florian Westphal

Published

2005-02-25

Updated

2008-09-05

CVE-2005-0580

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions cmd5checkpw (affected versions not specified)

Description The issue is related to cmd5checkpw, which does not properly drop privileges when running setuid. This allows local users to read the poppasswd file by exploiting the improper privilege handling before the execvp function is called.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0580

Affected Products

Cmd5Checkpw

PT-2005-1628 · Unknown · Cmd5Checkpw

CVE-2005-0580

Related Identifiers

Affected Products

References · 2