CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Percentile: 0.4%
There is an input validation vulnerability in the OpenBSD libutil system library that allows local users to gain superuser access via the chpass utility.
On June 30, 2000, the OpenBSD development team repaired an input validation vulnerability in the pw_error function of the OpenBSD 2.7 libutil library.
It was later discovered that when this function is called by the setuid program /usr/bin/chpass on unpatched systems, it is possible for users to obtain superuser access.
Attackers with an account on affected systems can obtain superuser access via the chpass utility.
Apply a patch from your vendor.
See the vendors section of this document for further information from your vendor.
The CERT/CC recommends that vulnerable users protect their systems by removing the SUID bit on chpass.
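The workaround above can be audited and applied with a short script. This is an added example, not part of the CERT/CC note or any vendor patch; the function names are hypothetical, and the path is the one named in the note (override `CHPASS` to test against another file).

```sh
#!/bin/sh
# Added example: check for, and optionally clear, the setuid bit on chpass.
# CHPASS defaults to the path named in the advisory (assumption: standard location).
CHPASS="${CHPASS:-/usr/bin/chpass}"

# has_setuid FILE -> exit 0 if FILE is a regular file with the set-user-ID bit
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# setuid_status FILE -> prints one of: missing, setuid, clear
setuid_status() {
    if [ ! -e "$1" ]; then
        echo missing
    elif has_setuid "$1"; then
        echo setuid
    else
        echo clear
    fi
}

# drop_setuid FILE -> clears the bit if set, verifies it is gone,
# then prints the resulting status; returns 1 if the bit could not be cleared
drop_setuid() {
    if has_setuid "$1"; then
        chmod u-s "$1" || return 1
    fi
    if has_setuid "$1"; then
        return 1
    fi
    setuid_status "$1"
}

# Report only by default; pass --apply (as root) to change the mode.
main() {
    echo "$CHPASS: $(setuid_status "$CHPASS")"
    if [ "$1" = "--apply" ]; then
        echo "$CHPASS: now $(drop_setuid "$CHPASS")"
    fi
}

main "$@"
```

With the bit cleared, unprivileged users can no longer change their own account information through chpass until a patched build is installed and the mode is restored.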
369427
Notified: October 24, 2000 Updated: October 31, 2000
Affected
FreeBSD was also vulnerable to this problem since the affected code has a common ancestor. Like OpenBSD, we fixed the problem during security auditing in 2000/07, but did not realise it to be a security vulnerability since the function is not part of a library on FreeBSD, but the source code file containing the function is included directly in the affected setuid programs. FreeBSD 3.5.1 and 4.0 are the most recent affected versions - 4.1 and 4.1.1 are unaffected.
An advisory is under preparation and will likely be released on 2000/10/30.
Kris
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369427 Feedback>).
Notified: October 24, 2000 Updated: October 27, 2000
Affected
NetBSD-1.4.2 and prior releases are vulnerable; the forthcoming 1.4.3 and 1.5 releases will have this problem fixed. We will be issuing an advisory (similar to the OpenBSD advisory) in the next day or two, with a patch included.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 24, 2000 Updated: November 17, 2000
Affected
From the OpenBSD Security Advisory:
"This vulnerability affects OpenBSD versions through 2.7. FreeBSD 4.0 is vulnerable, but patches have been backported, and FreeBSD versions 4.1 and 4.1.1 are safe. Bill Sommerfield committed a fix to NetBSD today shortly after we notified him of the problem.
OpenBSD users running -current (2.8-beta) with a system dated July 1st or thereafter are safe."
The vendor has not provided us with any further information regarding this vulnerability.
OpenBSD has provided a patch for this vulnerability at:
<http://www.openbsd.org/errata.html> (025).
Notified: October 24, 2000 Updated: October 27, 2000
Not Affected
This notification is in regards to CERT Advisory “Input validation vulnerability in OpenBSD libutil library” (VU#369427).
Mac OS X is not vulnerable to the input validation vulnerability in the OpenBSD libutil library.
--
Eric Zelenka
[email protected]
Apple Computer, Inc.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 24, 2000 Updated: October 27, 2000
Not Affected
No versions of BSD/OS are vulnerable to this problem.
-Jeff Polk, BSDI
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 24, 2000 Updated: October 27, 2000
Not Affected
SOURCE: © Copyright 2000 Compaq Computer Corporation. All rights reserved.
SOURCE: Compaq Computer Corporation
Compaq Services
Software Security Response Team USA
This reported problem is not present in Compaq Tru64/UNIX Operating Systems Software.
- Compaq Computer Corporation
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 23, 2000 Updated: January 20, 2001
Not Affected
Fujitsu’s UXP/V is not vulnerable to this problem.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 24, 2000 Updated: January 03, 2001
Not Affected
HP does not have a libutil and we don’t offer a command called chpass. (Any password changes are done via the command options or SAM). Further, we don’t support a function called pw_error.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
This document was written by Jeffrey P. Lanza.
CVE IDs: | CVE-2000-0993 |
---|---|
Severity Metric: | 11.16 |
Date Public: | |