SunOS passwd -F Symlink Race Arbitrary File Overwrite

1994-05-11T00:00:00
ID OSVDB:8740
Type osvdb
Reporter OSVDB
Modified 1994-05-11T00:00:00

Description

Vulnerability Description

SunOS contains a flaw in "/usr/bin/passwd" binary that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a local attacker creates a symlink to the password file and uses the "passwd -F" option, which will recreate the password file with increased attacker priveilges. This flaw may lead to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Sun Microsystems has released a patch to address this vulnerability.

Short Description

SunOS contains a flaw in "/usr/bin/passwd" binary that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a local attacker creates a symlink to the password file and uses the "passwd -F" option, which will recreate the password file with increased attacker priveilges. This flaw may lead to a loss of integrity.

References:

Other Advisory URL: http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-07.html Other Advisory URL: http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-07b.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1994_4/0755.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1994_2/0197.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1994_2/0199.html Keyword: [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 Keyword: sun bug: 1171499 ISS X-Force ID: 7207 CVE-1999-1388