1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200502-30 / cmd5checkpw |
| Release Date | February 25, 2005 |
| Latest Revision | May 22, 2006: 02 |
| Impact | low |
| Exploitable | local |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| net-mail/cmd5checkpw | <= 0.22-r1 | >= 0.22-r2 | All supported architectures |
Related bugreports: #78256
cmd5checkpw contains a flaw allowing local users to access other users cmd5checkpw passwords.
cmd5checkpw is a checkpassword compatible authentication program that uses CRAM-MD5 authentication mode.
Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp(), so the invoked program retains the cmd5checkpw euid.
Local users that know at least one valid /etc/poppasswd user/password combination can read the /etc/poppasswd file.
There is no known workaround at this time.
All cmd5checkpw users should upgrade to the latest available version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/cmd5checkpw-0.22-r2" |