Access Restriction Bypass in shadow

Do your applications use this vulnerable package? Test your applications

Overview

initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.

References

BUGTRAQ
BUGTRAQ
CONFIRM
Dead Link
Dead Link
Debian Security Tracker
Secunia Advisory
Security Focus
VUPEN

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

None
Availability

None

CVE: CVE-2007-5686
CWE: CWE-264
Snyk ID: SNYK-DEBIAN10-SHADOW-306250
Disclosed: 28 Oct, 2007
Published: 28 Oct, 2007

Access Restriction Bypass
Affecting shadow package, versions *

Overview

References

CVSS Score

Access Restriction Bypass Affecting shadow package, versions *

Overview

References

Access Restriction Bypass
Affecting shadow package, versions *