Bugzilla – Full Text Bug Listing
| Summary: | VUL-0: CVE-2005-3503: pwdutils: trivial root exploit using chfn | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Marcus Meissner <meissner> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | security-team |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | CVE-2005-3503: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) | ||
| Found By: | Other | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
Comment 4
Ludwig Nussel
2005-10-24 12:48:55 UTC
patchinfos submitted.

Everything is submitted. Please read and obey the following best practice guideline next time, thanks. http://w3d.suse.de/Dev/Components/Packages/PackMan/pm_pr_fixing_bug.html#pm_pr_fb_bt_security_bugs

Patchinfos are not yet checked in, no updates released yet => Bug still open for security team.

Please read bugzilla guideline of TPMs: A bug has to be closed, if developer has fixed and submitted everything to autobuild. If security team needs something for tracking they should use SWAMP, that is a progress tracking tool. Bugzilla is not such a tool, especially since developers have no influence on next steps.

here we go again

approved and advisory released.

CVE-2005-3503 "chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other operating systems, does not properly check arguments for the GECOS field, which allows local users to gain privileges."

CVE-2005-3503: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)