Title: Slackware /etc/group missing results in root access Vulnerability
Severity: HIGH
Description:
Due to the way /bin/login behaves when a /etc/group file is not present under Slackware's version of the password shadowing suite, users who log in while this file is not present will be given uid and gid 0. This will allow them unrestricted access to the machine. This vulnerability is present in all versions of Slackware which have shadow passwords, up to and including 3.5
If the call to initgroups() fails in setup_uid_gid(), the function immediately returns value of -1. However, the call to setup_uid_gid() in login.c fails to check this return value. Since the uid and gid were not checked, their value is still 0, and the user will be logged in with 0 as their uid and gid.
Affected Products:
- Slackware Linux 3.1.0
- Slackware Linux 3.2.0
- Slackware Linux 3.3.0
- Slackware Linux 3.4.0
- Slackware Linux 3.5.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
