OSVDB ID: 634 Title: BSD on VAX passwd Lockfile File Size Limit Local DoS |
Info |
|
|
Dates |
||||
|
|
Description |
BSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user limits filesizes to 1k before using passwd. The passwd program will copy the first 1k of data from /etc/passwd into the lock file /etc/ptmp. Once 1k of data is copied, passwd will die and the lock file will remain, resulting in a loss of availability for changing passwords. |
Classification |
Location:
Local Access Required
Attack Type: Denial of Service Impact: Loss of Availability Exploit: Exploit Available Disclosure: OSVDB Verified |
Solution |
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: copy the code from chsh or chfn that sets the CPU time and filesize limits to infinity and recompile the passwd binary. |
Products |
|
References |
|
Credit |
|