Openwall GNU/*/Linux Information for VU#405955
util-linux package vulnerable to privilege escalation when "ptmptmp" file is not removed properly when using "chfn" utility
Vendor Information
- Date Notified:
- Statement Date:
- Date Updated: 15 Aug 2002
Openwall GNU/*/Linux (Owl) is not vulnerable. We're using a version of the chfn(1) utility from the shadow suite (with our modifications) rather than one from util-linux. This decision was made during Owl development specifically to ensure compatible password file locking across the system as a whole. Additionally, on Owl, chfn(1) isn't available to regular users by default, although that is a supported owl-control setting.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.