There is an input validation vulnerability in the OpenBSD libutil system library that allows local users to gain superuser access via the chpass utility.
On June 30, 2000, the OpenBSD development team repaired an input validation vulnerability in the pw_error function of the OpenBSD 2.7 libutil library.
It was later discovered that when this function is called by the setuid program /usr/bin/chpass on unpatched systems, it is possible for users to obtain superuser access.
Attackers with an account on affected systems can obtain superuser access via the chpass utility.
Apply a patch from your vendor.
The CERT/CC recommends that vulnerable users protect their systems by removing the SUID bit on chpass.
This document was written by Jeffrey P. Lanza.
|Date First Published:||2000-11-07|
|Date Last Updated:||2001-03-30 00:27 UTC|