CVE

CVE-2002-2219

Date: (C)2002-12-31   (M)2023-12-22

chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows remote attackers to read the last line of the shadow file via a long user (userid) field.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1005847

BID-6472

chetcpasswd-shadow-file-disclosure(10946)

http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649

http://www.securiteam.com/unixfocus/6C00N0K6AO.html