• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

SuSE Shadow File Truncation Vulnerability

A vulnerability has been discovered in the shadow package that ships with the SuSE Linux distribution. It has been reported that a local attacker may be able to cause data in /etc/passwd and /etc/shadow to be truncated or possibly even appended to with attacker-supplied data. This can occur of the attacker sets filesize limitations prior to invoking the utilities that operate on these files. At the very least, local users can corrupt vital files. This would possibly result in a denial of service. Under some circumstances successful exploitation of this vulnerability may enable a local attacker to elevate privileges, possibly even gaining root privileges. SuSE has stated that it is not possible for local attackers to obtain root privileges with the default configuration of SuSE Linux.