Title: FreeBSD Login Capabilities Privileged File Reading Vulnerability
Severity: MODERATE
Description:
FreeBSD is a freely available, open source implementation of the BSD UNIX Operating System. It is developed and maintained by the FreeBSD Project.
A problem in FreeBSD systems using the login capability database could make it possible for a user with access to the affected system via SSH to read files that require elevated privileges. It is also possible to exploit this vulnerability via the login daemon.
A user with access to an affected system via SSH can make alterations to the .login.conf file contained in their home directory to perform malicious activities. By making an entry in the .login.conf file that sets the :welcome parameter to read and print welcome information from the /etc/master.passwd file, a user accessing the system via SSH could read the contents of the master.passwd file when logging in. This vulnerability could also be exploited in login by altering the :nologin variable in .login.conf.
This problem could lead to a user gaining access to the shadowed password database. This could result in further attacks against the system, and potentially elevated privileges if the user were to launch a brute force password attack against the file.
This issue does not appear to affect other BSD distributions.
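An audit check for the condition described above, added here as an example and not part of the original advisory: it parses a per-user .login.conf and reports welcome or nologin capabilities whose path resolves outside the user's home directory. The function names, the sample file and the home path are constructed for illustration, and resolving relative paths against the home directory is an assumption.

```python
import os
import re

# Capabilities the advisory names as causing a file to be read and printed.
FILE_CAPS = ("welcome", "nologin")

# Constructed sample of a user-controlled ~/.login.conf (not from a real system).
SAMPLE = """\
# constructed example
me:\\
\t:welcome=/etc/master.passwd:\\
\t:charset=ISO-8859-1:
"""

def parse_caps(text):
    """Yield (name, value) string capabilities from login.conf-style text.

    Simplified parser: joins backslash-newline continuations, skips '#'
    lines, and does not handle escaped colons inside values.
    """
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # The first colon-separated field is the record name, the rest are capabilities.
        for field in line.split(":")[1:]:
            name, sep, value = field.strip().partition("=")
            if sep:
                yield name.strip(), value.strip()

def audit_login_conf(text, home):
    """Return [(capability, path)] entries that resolve outside `home`."""
    home_real = os.path.realpath(home)
    findings = []
    for name, value in parse_caps(text):
        if name not in FILE_CAPS:
            continue
        # Assumption: a relative path is interpreted relative to the home directory.
        target = os.path.realpath(os.path.join(home_real, value))
        if os.path.commonpath([home_real, target]) != home_real:
            findings.append((name, value))
    return findings

if __name__ == "__main__":
    # "/home/example-user" is a hypothetical home directory.
    for cap, path in audit_login_conf(SAMPLE, "/home/example-user"):
        print(f"suspicious :{cap}= entry pointing at {path}")
```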
Affected Products:
- FreeBSD FreeBSD 4.3.0
- FreeBSD FreeBSD 4.4.0
- OpenBSD OpenSSH (FreeBSD Port) 2.9.0p2