Overview
Shadow-utils is an encryption and account management package freely distributed for many Linux implementations. The useradd program in this package creates insecure temporary files with predictable names in a write-protected directory. If this directory is changed to be writable, an attacker may be able to use a symbolic link attack to overwrite arbitrary files.
Description
The useradd program calls the passwd program, which stores temporary files with predictable names in /etc/default, a protected directory. It does not check for the prior existence or ownership of these files before using them. useradd normally runs with setuid root privileges.
Impact
If /etc/default is changed to be world-writable, an attacker may be able to create a symbolic link with a predictable name and point it at any writable file on the system. The file it points to may then be corrupted when the temporary file is written.
Solution
Apply vendor patches; see the Systems Affected section below.
Change /etc/default to not be world-writable.
Vendor Information
CVSS Metrics
References
Acknowledgements
This vulnerability was first reported by Greg Kroah-Hartman.
This document was last modified by Tim Shimeall.
Other Information
CVE IDs: CVE-2001-0120
Severity Metric: 0.30
Date Public: 2001-01-10
Date First Published: 2001-11-08
Date Last Updated: 2001-11-08 18:19 UTC
Document Revision: 10