CVE-2005-0580 in cmd5checkpwinfo

Summary

cmd5checkpw when running setuid does not properly drop privileges before calling the execvp function which allows local users to read the poppasswd file.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

02/27/2005

Disclosure

02/25/2005

Moderation

VulDB entry created

Entries

1: VDB-23989

CPE

ready

CWE

CWE-200 (Unconfirmed)

CVSS

4.0

EPSS

0.00064

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2005-0580
NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-0580
CVE Details	https://www.cvedetails.com/cve/CVE-2005-0580/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!