CVE-2005-4683

NameCVE-2005-4683
DescriptionPADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /tmp/nis.$$.ldif file, and possibly other sensitive information in other temporary files, which are not properly managed by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs338920

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
migrationtools (PTS)bullseye47-9fixed
sid, trixie, bookworm48-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
migrationtoolssource(unstable)46-2.1unimportant338920

Notes

The temp fix makes use of TMPDIR

Search for package or bug name: Reporting problems