Vulnerabilities > CVE-2001-1017 - Unspecified vulnerability in Freebsd 4.2/4.3

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

freebsd

NVD

Published: 2001-09-04

Updated: 2017-10-10

Summary

rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 4.2 Freebsd Freebsd 4.3	2

References

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:59.rmuser.v1.1.asc
http://www.osvdb.org/1947
http://www.securityfocus.com/bid/3282
https://exchange.xforce.ibmcloud.com/vulnerabilities/7086