Vulnerability Note VU#369427
Format string vulnerability in libutil pw_error(3) function
OverviewThere is an input validation vulnerability in the OpenBSD libutil system library that allows local users to gain superuser access via the chpass utility.
I. DescriptionOn June 30, 2000, the OpenBSD development team repaired an input validation vulnerability in the pw_error function of the OpenBSD 2.7 libutil library.
It was later discovered that when this function is called by the setuid program /usr/bin/chpass on unpatched systems, it is possible for users to obtain superuser access.
II. ImpactAttackers with an account on affected systems can obtain superuser access via the chpass utility.
III. SolutionApply a patch from your vendor.
See the vendors section of this document for further information from your vendor.
The CERT/CC recommends that vulnerable users protect their systems by removing the SUID bit on chpass.
Systems Affected
References
http://www.securityfocus.com/bid/1744
http://www.openbsd.org/errata.html (025)
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/025_pw_error.patch
Credit
This document was written by Jeffrey P. Lanza.
Other Information
| Date Public | 10/03/2000 |
| Date First Published | 11/07/2000 05:18:58 PM |
| Date Last Updated | 03/29/2001 |
| CERT Advisory | |
| CVE Name | CAN-2000-0993 |
| Metric | 11.16 |
| Document Revision | 9 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
