CVE-2005-3503 - chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other operating systems, does not pro

CVE-2005-3503

Summary

chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other operating systems, does not properly check arguments for the GECOS field, which allows local users to gain privileges.

References

http://secunia.com/advisories/17469
http://www.osvdb.org/20525
http://www.securityfocus.com/archive/1/415725/30/0/threaded
http://www.securityfocus.com/bid/15314

Vulnerable Configurations

cpe:2.3:a:pwdutils:pwdutils:*:*:suse_linux:*:*:*:*:*
cpe:2.3:a:pwdutils:pwdutils:*:*:suse_linux:*:*:*:*:*

CVSS

Base:	7.2 (as of 19-10-2018 - 15:36)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	15314
osvdb	20525
secunia	17469
suse	SUSE-SA:2005:064

Last major update

19-10-2018 - 15:36

Published

05-11-2005 - 11:02

Last modified

19-10-2018 - 15:36