Bug 40478

Summary: Buffer overflow in /usr/src/usr.sbin/vipw/pw_util.c
Product: Base System Reporter: Pawel Jakub Dawidek <nick>
Component: binAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me CC: nick
Priority: Normal    
Version: 1.0-RELEASE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description Pawel Jakub Dawidek 2002-07-12 11:30:05 UTC 
	There is a buffer overflow in /usr/src/usr.sbin/vipw/pw_util.c in
	function pw_tmp(), but it can't be sploitable as long as
	_PATH_MASTERPASSWD (defined in /usr/src/include/pwd.h) is no longer
	that MAXPATHLEN (defined in /usr/src/sys/sys/param.h). This bug have
	all aplications from this list:
	/usr/bin/passwd
	/usr/bin/chsh
	/usr/bin/chpass
	/usr/bin/chfn
	/usr/sbin/vipw
	(4 of those 5 are set-uid-root by default)

Fix: Here You got a little patch:


12 Lip 12:07 2002 diff -lu pw_util.c.orig pw_util.c Page 1
Comment 1 Giorgos Keramidas freebsd_committer freebsd_triage 2002-07-13 22:45:28 UTC 
State Changed
From-To: open->closed

Superseded by bin/40492.
Comment 2 Giorgos Keramidas freebsd_committer freebsd_triage 2002-07-13 22:45:53 UTC 
Responsible Changed
From-To: gnats-admin->freebsd-bugs

This belongs to freebsd-bugs under bin/* even though it's closed.