CVE-2005-0580 Information

Description

cmd5checkpw when running setuid does not properly drop privileges before calling the execvp function which allows local users to read the poppasswd file.

Reference

http://security.gentoo.org/glsa/glsa-200502-30.xml