Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Freebsd | Freebsd | 3.2 (including) | 3.2 (including) |
| Freebsd | Freebsd | 3.3 (including) | 3.3 (including) |
| Freebsd | Freebsd | 3.4 (including) | 3.4 (including) |
| Freebsd | Freebsd | 3.5 (including) | 3.5 (including) |
| Freebsd | Freebsd | 4.0 (including) | 4.0 (including) |
| Netbsd | Netbsd | 1.4 (including) | 1.4 (including) |
| Netbsd | Netbsd | 1.4.1 (including) | 1.4.1 (including) |
| Netbsd | Netbsd | 1.4.2 (including) | 1.4.2 (including) |
| Openbsd | Openbsd | 2.3 (including) | 2.3 (including) |
| Openbsd | Openbsd | 2.4 (including) | 2.4 (including) |
| Openbsd | Openbsd | 2.5 (including) | 2.5 (including) |
| Openbsd | Openbsd | 2.6 (including) | 2.6 (including) |
| Openbsd | Openbsd | 2.7 (including) | 2.7 (including) |
References
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc
- ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc
- http://marc.info/?l=bugtraq\u0026m=97068555106135\u0026w=2
- http://www.openbsd.org/errata27.html#pw_error
- http://www.securityfocus.com/bid/1744
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5339
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc
- ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc
- http://marc.info/?l=bugtraq\u0026m=97068555106135\u0026w=2
- http://www.openbsd.org/errata27.html#pw_error
- http://www.securityfocus.com/bid/1744
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5339