Gentoo Logo

cmd5checkpw: Local password leak vulnerability


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200502-30 / cmd5checkpw
Release Date February 25, 2005
Latest Revision May 22, 2006: 02
Impact low
Exploitable local
Package Vulnerable versions Unaffected versions Architecture(s)
net-mail/cmd5checkpw <= 0.22-r1 >= 0.22-r2 All supported architectures

Related bugreports: #78256


cmd5checkpw contains a flaw allowing local users to access other users cmd5checkpw passwords.

2.  Impact Information


cmd5checkpw is a checkpassword compatible authentication program that uses CRAM-MD5 authentication mode.


Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp(), so the invoked program retains the cmd5checkpw euid.


Local users that know at least one valid /etc/poppasswd user/password combination can read the /etc/poppasswd file.

3.  Resolution Information


There is no known workaround at this time.


All cmd5checkpw users should upgrade to the latest available version:

Code Listing 3.1: Resolution

# emerge --sync 
# emerge --ask --oneshot --verbose ">=net-mail/cmd5checkpw-0.22-r2"

4.  References


Page updated February 25, 2005

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2015 Gentoo Foundation, Inc. Questions, Comments? Contact us.