Vulnerability Development mailing list archives
'useradd -p' problems.
From: joetesta () hushmail com
Date: Tue, 28 Aug 2001 11:28:04 -0700
-----BEGIN PGP SIGNED MESSAGE-----

Hi --

On my Trustix 1.2 box, I noticed that creating a user with 'useradd' and the '-p' option (which gives the new user a default password) does not hash the password in /etc/shadow:

root@hogs /# cat /etc/redhat-release
Trustix Secure Linux release 1.2 (Anywhere)
root@hogs /# useradd -p h4x0r lordspankatron
root@hogs /# tail -2 /etc/shadow
johnnyuser:$1$JiUjVlWa$gnfXvKsHUxnjoIPGmkt/1.:11562:0:99999:7:-1:-1:2147482240
lordspankatron:h4x0r:11562:0:99999:7:::

This bug doesn't seem exploitable for two reasons:

1.) The user cannot log in with the supplied password because MD5( password_supplied_at_login_prompt ) != unhashed_password_in_shadow_file

2.) /etc/shadow exists in mode 0400, so no one besides the super-user can read it anyway.

BUT... never say never. I can't think of a practical environment where this can be abused, and thus, I submit this report to the Vuln-Dev wizards. =]

[This just in: I've confirmed that this works on Redhat 7.1 too.]

- Joe Testa

e-mail: joetesta () hushmail com
web page: http://hogs.rit.edu/~joet
AIM: LordSpankatron

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.0

wl0EARECAB0FAjuL4xIWHGpvZXRlc3RhQGh1c2htYWlsLmNvbQAKCRA/wHT6vruBNA1x
AKCR3LpGyouIg7REDMwYSBsnsJsuTQCeMF8n3PccwTDT2nhZmz9hCBvzW0Q=
=Gurv
-----END PGP SIGNATURE-----
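Added example, not part of the original post: useradd(8) documents the -p argument as an already-encrypted crypt(3) string, so a literal value is stored verbatim, as in the lordspankatron entry above. The Python sketch below audits shadow-format text for password fields that are neither a recognised crypt(3) encoding nor a lock marker; the names classify, audit and SAMPLE are hypothetical, and the last two sample lines are constructed.

```python
import re

B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3) salts and digests
# Recognised crypt(3) encodings, checked in order with fullmatch().
HASH_PATTERNS = [
    ("md5-crypt", re.compile(rf"\$1\${B64}{{0,8}}\${B64}{{22}}")),
    ("sha256-crypt", re.compile(rf"\$5\$(rounds=\d+\$)?{B64}{{0,16}}\${B64}{{43}}")),
    ("sha512-crypt", re.compile(rf"\$6\$(rounds=\d+\$)?{B64}{{0,16}}\${B64}{{86}}")),
    # Any other $id$ scheme; malformed $1$/$5$/$6$ values are excluded here.
    ("other-modular", re.compile(r"\$(?![156]\$)[0-9a-z]+\$.+")),
    # Traditional DES crypt. A 13-character literal drawn from the same
    # alphabet is indistinguishable from it, so this check can miss those.
    ("des-crypt", re.compile(rf"{B64}{{13}}")),
]

def classify(field):
    """Classify the second field of a shadow entry."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"
    for name, pattern in HASH_PATTERNS:
        if pattern.fullmatch(field):
            return name
    return "not-a-hash"

def audit(shadow_text):
    """Return (line number, user, verdict) for entries needing attention.
    The field value itself is never returned, so a report cannot leak it."""
    findings = []
    for lineno, line in enumerate(shadow_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            findings.append((lineno, fields[0], "malformed"))
            continue
        verdict = classify(fields[1])
        if verdict in ("not-a-hash", "empty"):
            findings.append((lineno, fields[0], verdict))
    return findings

# First two lines are the entries quoted in the post; the rest are constructed.
SAMPLE = """\
johnnyuser:$1$JiUjVlWa$gnfXvKsHUxnjoIPGmkt/1.:11562:0:99999:7:-1:-1:2147482240
lordspankatron:h4x0r:11562:0:99999:7:::
daemon:*:11562:0:99999:7:::
newacct:!!:11562:0:99999:7:::
"""

if __name__ == "__main__":
    for lineno, user, verdict in audit(SAMPLE):
        print(f"line {lineno}: {user}: {verdict}")
```
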
Current thread:
- 'useradd -p' problems. joetesta (Aug 28)
- Re: 'useradd -p' problems. Steve Mickeler (Aug 28)
- Re: 'useradd -p' problems. Gordon Messmer (Aug 28)
- Re: 'useradd -p' problems. Blue Boar (Aug 28)
- Re: 'useradd -p' problems. Blue Boar (Aug 28)