cmd5checkpw: Local password leak vulnerability cmd5checkpw contains a flaw allowing local users to access other users cmd5checkpw passwords. cmd5checkpw 2005-02-25 2006-05-22 78256 local 0.22-r2 0.22-r1

cmd5checkpw is a checkpassword compatible authentication program that uses CRAM-MD5 authentication mode.

Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp(), so the invoked program retains the cmd5checkpw euid.

Local users that know at least one valid /etc/poppasswd user/password combination can read the /etc/poppasswd file.

There is no known workaround at this time.

All cmd5checkpw users should upgrade to the latest available version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/cmd5checkpw-0.22-r2" CVE-2005-0580 vorlon078 DerCorny koon