Solaris useradd expiration date Vulnerability

The Solaris useradd binary shipped with Solaris 7.0 has a bug which can possibly allow users who are supposed to be expired by a certain time to login. The problem with useradd is the interpretation of the value passed after the paramater -e (expire). If one were to use useradd to set an expiry date the following way, :

"-e 6/30/2000",

the interpretation would be 'June 30, 2020'. The consequence of this vulnerability is having expired users having access to the vulnerable host.


 

Privacy Statement
Copyright 2010, SecurityFocus