Info
Last Modified: 7 months ago

Description
OpenBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when chpass fails to close file descriptors, which grants descendant processes write access to /etc/master.passwd. This flaw may lead to a loss of integrity.

Classification
Location: Local Access Required
Attack Type: Input Manipulation, Misconfiguration
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Technical
As reported by Network Associates, Inc., OpenBSD contains an implementation problem involving file descriptor leakage across processes. Chpass is an SUID program. It functions by creating a temporary copy of the password database, spawning an editor to display and modify user account information, and then committing the information into the temporary password file copy, which is then used to rebuild the password database.
In OpenBSD 2.3, an implementation flaw causes the temporary password file copy to become accessible to the spawned editor process and its children. An attacker can use this access to modify the information in the temporary copy. The tainted copy is used to rebuild the password database, allowing the attacker to modify "root"'s account information and gain superuser access.
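
The descriptor inheritance described above can be shown in miniature. The following C program is an added example, not OpenBSD's chpass code or its patch: a parent opens a scratch file, spawns /bin/sh as a stand-in for the editor, and reports whether the child still holds the descriptor, first without and then with FD_CLOEXEC (one standard way to keep a descriptor from crossing exec). The function name, the pinned descriptor number 7 and the scratch path are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#define PINNED_FD 7  /* assumption: single digit, so any POSIX sh can test it */

/* Returns 1 if the exec'd child still holds the parent's descriptor,
 * 0 if it was closed at exec, -1 on setup error. */
int child_inherits_fd(int use_cloexec)
{
    char path[] = "/tmp/fdleak-demo-XXXXXX";  /* constructed scratch file */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                              /* file now lives only via the fd */

    /* Pin to a known number; dup2 leaves FD_CLOEXEC clear on the copy. */
    if (fd != PINNED_FD) {
        if (dup2(fd, PINNED_FD) < 0) { close(fd); return -1; }
        close(fd);
    }
    if (use_cloexec && fcntl(PINNED_FD, F_SETFD, FD_CLOEXEC) < 0) {
        close(PINNED_FD);
        return -1;
    }

    pid_t pid = fork();
    if (pid < 0) { close(PINNED_FD); return -1; }
    if (pid == 0) {
        /* Stand-in for the spawned editor: exits 0 only if fd 7 is open. */
        execl("/bin/sh", "sh", "-c", "exec 2>/dev/null; : <&7", (char *)NULL);
        _exit(127);                            /* exec itself failed */
    }
    close(PINNED_FD);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    if (WEXITSTATUS(status) == 127) return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("no FD_CLOEXEC: inherited=%d\n", child_inherits_fd(0));
    printf("FD_CLOEXEC:    inherited=%d\n", child_inherits_fd(1));
    return 0;
}
```

A privileged program that spawns a user-controlled process can apply the same check to every descriptor it holds before the exec, either by closing them explicitly or by marking them close-on-exec when they are opened.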

Solution
Currently, there are no known workarounds or upgrades to correct this issue. However, OpenBSD has released a patch to address this vulnerability.

Products
OpenBSD 2.3

Credit
Unknown or Incomplete