Vipw Insecure File Permissions Vulnerability

Vipw is an editing application used for system password and group files.

Some versions of the 'vipw' program fail to correctly set the permissions of the '/etc/shadow' file after editing it. The permissions of the file are changed to be world-readable, thus allowing any local user to read its contents. This may lead to a system compromise.


 

Privacy Statement
Copyright 2010, SecurityFocus