Details of VAR-200412-0290

ID

VAR-200412-0290

CVE

CVE-2004-2394

TITLE

Mandrake Linux passwd Unknown security vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-780

DESCRIPTION

Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks. Two potential security issues reportedly affect the implementation of passwd included with Mandrake Linux, according to Mandrake advisory MDKSA-2004:045. According to the report, passwords supplied to passwd via stdin are incorrectly one character shorter than they should be. It is not known whether this behavior occurs at the interactive prompt or if the implementation allows for passwords to be "piped" to passwd through stdin. This may or may not have security implications as the user's password will not be stored correctly and the user will not be able to login. It is conceivable that this could result in a less secure password. The second issue reported by Mandrake is that PAM may not be initialized correctly and "safe and proper" operation may not be ensured. Further technical details are not known. Mandrake Linux is an open source operating system

Trust: 1.26

sources: NVD: CVE-2004-2394 // BID: 10370 // VULHUB: VHN-10822

AFFECTED PRODUCTS

vendor:	mandrakesoft	model:	mandrake linux corporate server	scope:	eq	version:	2.1	Trust: 1.6
vendor:	mandrakesoft	model:	mandrake linux	scope:	eq	version:	9.2	Trust: 1.6
vendor:	mandrakesoft	model:	mandrake linux	scope:	eq	version:	9.1	Trust: 1.6
vendor:	mandrakesoft	model:	mandrake multi network firewall	scope:	eq	version:	8.2	Trust: 1.6
vendor:	mandrakesoft	model:	mandrake linux	scope:	eq	version:	10.0	Trust: 1.6
vendor:	mandrakesoft	model:	mandrake linux	scope:	eq	version:	9.0	Trust: 1.6
vendor:	mandrakesoft	model:	mandrake linux	scope:	eq	version:	8.2	Trust: 1.6
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	10.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake amd64	scope:	eq	version:	9.2	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	9.2	Trust: 0.3
vendor:	mandriva	model:	linux mandrake ppc	scope:	eq	version:	9.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	9.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	9.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake ppc	scope:	eq	version:	8.2	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	8.2	Trust: 0.3
vendor:	mandrakesoft	model:	multi network firewall	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	2.1	Trust: 0.3

sources: BID: 10370 // CNNVD: CNNVD-200412-780 // NVD: CVE-2004-2394

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-2394
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-200412-780
value:	LOW
Trust: 0.6
VULHUB:	VHN-10822
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2004-2394
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10822
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10822 // CNNVD: CNNVD-200412-780 // NVD: CVE-2004-2394

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2394

THREAT TYPE

local

Trust: 0.9

sources: BID: 10370 // CNNVD: CNNVD-200412-780

TYPE

Unknown

Trust: 0.9

sources: BID: 10370 // CNNVD: CNNVD-200412-780

EXTERNAL IDS

db:	BID	id:	10370	Trust: 2.0
db:	NVD	id:	CVE-2004-2394	Trust: 1.7
db:	CNNVD	id:	CNNVD-200412-780	Trust: 0.7
db:	XF	id:	16178	Trust: 0.6
db:	MANDRAKE	id:	MDKSA-2004:045	Trust: 0.6
db:	NSFOCUS	id:	6467	Trust: 0.6
db:	VULHUB	id:	VHN-10822	Trust: 0.1

sources: VULHUB: VHN-10822 // BID: 10370 // CNNVD: CNNVD-200412-780 // NVD: CVE-2004-2394

REFERENCES

url:	http://www.securityfocus.com/bid/10370	Trust: 1.7
url:	http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdksa-2004:045	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16178	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/16178	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/6467	Trust: 0.6

sources: VULHUB: VHN-10822 // CNNVD: CNNVD-200412-780 // NVD: CVE-2004-2394

CREDITS

Steve Grubb※ linux_4ever@yahoo.com

Trust: 0.6

sources: CNNVD: CNNVD-200412-780

SOURCES

db:	VULHUB	id:	VHN-10822
db:	BID	id:	10370
db:	CNNVD	id:	CNNVD-200412-780
db:	NVD	id:	CVE-2004-2394

LAST UPDATE DATE

2024-08-14T15:20:13.333000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10822	date:	2017-07-11T00:00:00
db:	BID	id:	10370	date:	2004-05-17T00:00:00
db:	CNNVD	id:	CNNVD-200412-780	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-2394	date:	2017-07-11T01:31:51.607

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10822	date:	2004-12-31T00:00:00
db:	BID	id:	10370	date:	2004-05-17T00:00:00
db:	CNNVD	id:	CNNVD-200412-780	date:	2004-05-17T00:00:00
db:	NVD	id:	CVE-2004-2394	date:	2004-12-31T05:00:00