CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-0580

cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 20.2%

CVSS Severity

CVSS v2 Score 2.1

References

http://security.gentoo.org/glsa/glsa-200502-30.xml
http://security.gentoo.org/glsa/glsa-200502-30.xml

Products affected by CVE-2005-0580

Krzysztof Dabrowski » Cmd5checkpw » Version: 0.20

cpe:2.3:a:krzysztof_dabrowski:cmd5checkpw:0.20
Krzysztof Dabrowski » Cmd5checkpw » Version: 0.21

cpe:2.3:a:krzysztof_dabrowski:cmd5checkpw:0.21
Krzysztof Dabrowski » Cmd5checkpw » Version: 0.22

cpe:2.3:a:krzysztof_dabrowski:cmd5checkpw:0.22

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-0580

Products

Pricing

Contact Us