Info

Disclosure

Aug 02, 1998

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

OpenBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when chpass fails to close file descriptors, which grants descendant processes write access to /etc/master.passwd. This flaw may lead to a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation, Misconfiguration
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, OpenBSD has released a patch to address this vulnerability.

Products

OpenBSD

2.3

References

CVE ID: 1999-0062 (see also: NVD)
Other Advisory URL: http://www.attrition.org/security/advisory/nai/nai.28.openbsd.chpass
Vendor Specific Advisory URL: http://www.openbsd.org/errata23.html#chpass

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/7559