fedora 24
misc weakness #470


Weakness Breakdown


The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data.

File Name:



The highlighted line of code below is the trigger point of this particular Fedora 24 misc weakness.

 void	endservent(void);
int	execl(const char *, ...);
int	execlp(const char *, ...);
int	execv(const char *, char * const *);
__dead	void exit(int) __attribute__((volatile));
__dead	void _exit(int) __attribute__((volatile));
int	fchmod(int, int);
int	fchown(int, int, int);
int	fcntl(int, int, int);
int	ffs(int);
int	flock(int, int);
int	fork(void);
void	free(void *);
#ifdef	__STDC__
struct	stat;
int	fstat(int, struct stat *);
int	ftruncate(int, u_long);
int	getdtablesize(void);
char	*getenv __P((char *));
int	gethostname(char *, int);
int	getopt(int, char * const *, const char *);
int	getpagesize(void);
char	*getlogin __P((void));
char	*getpass(char *);
int	getpeername(int, struct sockaddr *, int *);
int	getpid(void);
int	getppid(void);
int	getpriority(int, int);
int	getsockname(int, struct sockaddr *, int *);
int	getsockopt(int, int, int, char *, int *);
#ifdef	__STDC__
struct	timeval;
struct	timezone;
int	gettimeofday(struct timeval *, struct timezone *);
int	getuid(void);
char	*getusershell();
int	ioctl(int, int, caddr_t);
int	initgroups(const char *, int);
int	iruserok(u_long, int, char *, char *);
int	isatty(int);
int	kill(int, int);
int	listen(int, int);
#ifdef	__STDC__
struct	utmp;
void	login(struct utmp *);
int	logout(const char *);
__dead	void longjmp(int *, int) __attribute__((volatile)); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.