Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » FreeBSD rmuser Password Hash Disclosure Vulnerability

FreeBSD rmuser Password Hash Disclosure Vulnerability

by Phiber on September 7th, 2001 The rmuser script temporarily creates a world readable copy of "master.passwd". If an attacker can anticipate the use of rmuser by an administrator, it may be possible to obtain the contents of "master.passwd".


Exploitation of this vulnerability is extremely time-dependent.


Solution:

FreeBSD FreeBSD 4.3:

  • FreeBSD patch rmuser.patch 1.1


    FreeBSD FreeBSD 4.2:

  • FreeBSD patch rmuser.patch 1.1


    FYI:

    FreeBSD ships with a perl script called 'rmuser'. It can be used by administrators to completely remove users from a system.


  • Newsletter signup

    Signup to our monthly newsletter and stay in touch with IT news!

    Free E-books

    We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

    Contact

    Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

    Contact us »