VULHUB ™

Two potential security issues reportedly affect the implementation of passwd included with Mandrake Linux, according to Mandrake advisory MDKSA-2004:045. According to the report, passwords supplied to passwd via stdin are incorrectly one character shorter than they should be. It is not known whether this behavior occurs at the interactive prompt or if the implementation allows for passwords to be "piped" to passwd through stdin. This may or may not have security implications as the user's password will not be stored correctly and the user will not be able to login. It is conceivable that this could result in a less secure password. The second issue reported by Mandrake is that PAM may not be initialized correctly and "safe and proper" operation may not be ensured. Further technical details are not known.

Two potential security issues reportedly affect the implementation of passwd included with Mandrake Linux, according to Mandrake advisory MDKSA-2004:045. According to the report, passwords supplied to passwd via stdin are incorrectly one character shorter than they should be. It is not known whether this behavior occurs at the interactive prompt or if the implementation allows for passwords to be "piped" to passwd through stdin. This may or may not have security implications as the user's password will not be stored correctly and the user will not be able to login. It is conceivable that this could result in a less secure password. The second issue reported by Mandrake is that PAM may not be initialized correctly and "safe and proper" operation may not be ensured. Further technical details are not known.