cmd5checkpw: Local password leak vulnerability

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200502-30 / cmd5checkpw
Release Date: February 25, 2005
Latest Revision: May 22, 2006: 02
Impact: low
Exploitable: local

Package: net-mail/cmd5checkpw
Vulnerable versions: <= 0.22-r1
Unaffected versions: >= 0.22-r2
Architecture(s): All supported architectures

Related bugreports: #78256

Synopsis

cmd5checkpw contains a flaw allowing local users to access other users' cmd5checkpw passwords.

2.  Impact Information

Background

cmd5checkpw is a checkpassword compatible authentication program that uses CRAM-MD5 authentication mode.

Description

Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp(), so the invoked program retains the cmd5checkpw euid.
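
The missing step named above, shown as an added example (this is not the cmd5checkpw source or the Gentoo patch): a setuid helper resets its IDs to those of the invoking user and verifies the drop before calling execvp(). The function names drop_privileges and exec_dropped are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up the setuid/setgid identity. Returns 0 only if the
 * process can no longer get its old effective IDs back. */
int drop_privileges(void)
{
    uid_t uid = getuid(), old_euid = geteuid();
    gid_t gid = getgid(), old_egid = getegid();

    /* Group first: after the UID is dropped the process may no longer
     * be allowed to change its GID. */
    if (setregid(gid, gid) != 0 || setreuid(uid, uid) != 0)
        return -1;
    /* Verify rather than trust the return codes: regaining the old
     * effective IDs must now fail (meaningless when invoked by root). */
    if (uid != 0) {
        if (old_egid != gid && setegid(old_egid) == 0)
            return -1;
        if (old_euid != uid && seteuid(old_euid) == 0)
            return -1;
    }
    return (geteuid() == uid && getegid() == gid) ? 0 : -1;
}

/* Hardened counterpart of a bare execvp() call in a setuid helper. */
int exec_dropped(char *const argv[])
{
    if (drop_privileges() != 0) {
        perror("drop_privileges");
        return -1;              /* refuse to exec with elevated IDs */
    }
    execvp(argv[0], argv);
    perror("execvp");           /* reached only if exec failed */
    return -1;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s prog [args...]\n", argv[0]);
        return 2;
    }
    exec_dropped(argv + 1);
    return EXIT_FAILURE;
}
```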

Impact

Local users who know at least one valid /etc/poppasswd user/password combination can read the /etc/poppasswd file.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All cmd5checkpw users should upgrade to the latest available version:

Code Listing 3.1: Resolution

# emerge --sync 
# emerge --ask --oneshot --verbose ">=net-mail/cmd5checkpw-0.22-r2"

4.  References



Page updated February 25, 2005

Summary: This is a Gentoo Linux Security Advisory

Security Team