cmd5checkpw contains a flaw allowing local users to access other users cmd5checkpw passwords.
Package | net-mail/cmd5checkpw on all architectures |
---|---|
Affected versions | <= 0.22-r1 |
Unaffected versions | >= 0.22-r2 |
cmd5checkpw is a checkpassword compatible authentication program that uses CRAM-MD5 authentication mode.
Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp(), so the invoked program retains the cmd5checkpw euid.
Local users that know at least one valid /etc/poppasswd user/password combination can read the /etc/poppasswd file.
There is no known workaround at this time.
All cmd5checkpw users should upgrade to the latest available version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/cmd5checkpw-0.22-r2"
Release date
February 25, 2005
Latest revision
May 22, 2006: 02
Severity
low
Exploitable
local
Bugzilla entries