Cmd5checkpw Local Poppasswd File Disclosure Vulnerability
BID:12668
Info
| Bugtraq ID: | 12668 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 25 2005 12:00AM |
| Updated: | Feb 25 2005 12:00AM |
| Credit: | This vulnerability was discovered by Florian Westphal. |
| Vulnerable: | Krzysztof Dabrowski cmd5checkpw 0.22; Krzysztof Dabrowski cmd5checkpw 0.21; Krzysztof Dabrowski cmd5checkpw 0.20 |
| Not Vulnerable: | |
Discussion
cmd5checkpw is reported prone to a vulnerability that can result in the disclosure of the '/etc/poppasswd' file.
A local user that has knowledge of one of the username/password combinations stored in the '/etc/poppasswd' file may exploit this vulnerability to disclose the contents of the 'poppasswd' file.
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
Gentoo has released an advisory (GLSA 200502-30) and fixes to address this vulnerability. Gentoo users may apply these fixes by invoking the following commands as a superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=net-mail/cmd5checkpw-0.22-r2"