Vulnerability Note VU#369427
Format string vulnerability in libutil pw_error(3) function
There is an input validation vulnerability in the OpenBSD libutil system library that allows local users to gain superuser access via the chpass utility.
On June 30, 2000, the OpenBSD development team repaired an input validation vulnerability in the pw_error function of the OpenBSD 2.7 libutil library.
It was later discovered that when this function is called by the setuid program /usr/bin/chpass on unpatched systems, it is possible for users to obtain superuser access.
Attackers with an account on affected systems can obtain superuser access via the chpass utility.
Apply a patch from your vendor.
The CERT/CC recommends that vulnerable users protect their systems by removing the SUID bit on chpass.
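The workaround above, as an added shell example (not part of the original note or of any vendor patch): the hypothetical helper strip_setuid clears the setuid bit on the path it is given, confirms the bit is gone, and can be re-run safely. The path /usr/bin/chpass in the usage comment is the one named in this note.

```shell
#!/bin/sh
# Added example, not vendor code. strip_setuid is a hypothetical helper name.
#
# Return codes:
#   0 = setuid bit was set and has been removed
#   1 = setuid bit was already clear (nothing changed)
#   2 = path is missing or not a regular file
#   3 = chmod failed, or the bit is still set afterwards
strip_setuid() {
    target=$1

    if [ ! -f "$target" ]; then
        echo "skip: $target is not a regular file" >&2
        return 2
    fi

    # test -u is true only when the setuid bit is set on the file.
    if [ ! -u "$target" ]; then
        echo "ok: $target has no setuid bit"
        return 1
    fi

    echo "before: $(ls -l "$target")"
    if ! chmod u-s "$target" 2>/dev/null; then
        echo "fail: could not change mode of $target (are you root?)" >&2
        return 3
    fi

    # Verify rather than trust the exit status of chmod alone.
    if [ -u "$target" ]; then
        echo "fail: $target is still setuid" >&2
        return 3
    fi
    echo "after:  $(ls -l "$target")"
    return 0
}

# Usage (as root): sh strip_setuid.sh /usr/bin/chpass
if [ "$#" -gt 0 ]; then
    for path in "$@"; do
        strip_setuid "$path" || true
    done
fi
```

With the setuid bit removed, unprivileged users can no longer change their own account entries with chpass until the patched library is installed and the bit is restored.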
Systems Affected
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|FreeBSD|Affected|23 Oct 2000|31 Oct 2000|
|NetBSD|Affected|23 Oct 2000|27 Oct 2000|
|OpenBSD|Affected|23 Oct 2000|17 Nov 2000|
|Apple|Not Affected|23 Oct 2000|27 Oct 2000|
|BSDI|Not Affected|23 Oct 2000|27 Oct 2000|
|Compaq Computer Corporation|Not Affected|23 Oct 2000|27 Oct 2000|
|Fujitsu|Not Affected|23 Oct 2000|20 Jan 2001|
|Hewlett Packard|Not Affected|23 Oct 2000|03 Jan 2001|
- http://www.openbsd.org/errata.html (025)
This document was written by Jeffrey P. Lanza.
- CVE IDs: CAN-2000-0993
- Date Public: 03 Oct 2000
- Date First Published: 07 Nov 2000
- Date Last Updated: 29 Mar 2001
- Severity Metric: 11.16
- Document Revision: 9