Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1366

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2003-1366
Last Modified 05 Sep 2008 04:36:44
Published 31 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2003-1366

Summary

chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.

Vulnerable Systems

Operating System

  • Openbsd 2.0

  • Openbsd 2.1

  • Openbsd 2.2

  • Openbsd 2.3

  • Openbsd 2.4

  • Openbsd 2.5

  • Openbsd 2.6

  • Openbsd 2.7

  • Openbsd 2.8

  • Openbsd 2.9

  • Openbsd 3.0

  • Openbsd 3.1

  • Openbsd 3.2


References

XF - openbsd-chpass-information-disclosure(11233)

BID - 6748

BUGTRAQ - 20030203 ASA-0001: OpenBSD chpass/chfn/chsh file content leak

SECTRACK - 1006035

SREASON - 3238


Last Updated: 27 May 2016 10:38:20