CERTA-2005-AVI-013

Vulnerability from certfr_avis - Published: 2005-01-13 - Updated: 2005-01-13

None

Description

poppassd_pam est une bibliothèque utilisée pour modifier les mots de passes des serveurs POP.

Une vulnérabilité découverte dans la bibliothèque poppassd_pam permet à utilisateur distant mal intentionné de changer le mot de passe de n'importe quel utilisateur du système vulnérable, y compris le mot de passe du compte root (administrateur). Cette vulnérabilité est causée par une mauvaise vérification de l'ancien mot de passe.

Solution

Se réferer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. Documentation).

None
Impacted products
Vendor Product Description
N/A N/A poppassd_ceti 1.0 et versions antérieures ;
N/A N/A poppassd_pam 1.0 et vesions antérieures.
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "poppassd_ceti 1.0 et versions ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "poppassd_pam 1.0 et vesions ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\npoppassd_pam est une biblioth\u00e8que utilis\u00e9e pour modifier les mots de\npasses des serveurs POP.\n\nUne vuln\u00e9rabilit\u00e9 d\u00e9couverte dans la biblioth\u00e8que poppassd_pam permet \u00e0\nutilisateur distant mal intentionn\u00e9 de changer le mot de passe de\nn\u0027importe quel utilisateur du syst\u00e8me vuln\u00e9rable, y compris le mot de\npasse du compte root (administrateur). Cette vuln\u00e9rabilit\u00e9 est caus\u00e9e\npar une mauvaise v\u00e9rification de l\u0027ancien mot de passe.\n\n## Solution\n\nSe r\u00e9ferer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. Documentation).\n",
  "cves": [],
  "initial_release_date": "2005-01-13T00:00:00",
  "last_revision_date": "2005-01-13T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200501-22 du 11 janvier    2005 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-22.xml"
    }
  ],
  "reference": "CERTA-2005-AVI-013",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-01-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 de poppassd_pam",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200501-22 du 11 janvier 2005",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.