130209 – (CVE-2005-3503) VUL-0: CVE-2005-3503: pwdutils: trivial root exploit using chfn

Bug 130209 (CVE-2005-3503) - VUL-0: CVE-2005-3503: pwdutils: trivial root exploit using chfn

Summary: VUL-0: CVE-2005-3503: pwdutils: trivial root exploit using chfn

Status:	RESOLVED FIXED

Alias:	CVE-2005-3503

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	CVE-2005-3503: CVSS v2 Base Score: 7....
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2005-10-23 21:32 UTC by Marcus Meissner
Modified:	2021-11-10 14:53 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 4 Ludwig Nussel 2005-10-24 12:48:55 UTC

   4 local root user
  +1 default package
  +1 default active
  +1 command execution

Total Score: 7 (Critical)

Comment 5 Marcus Meissner 2005-10-24 15:07:43 UTC

patchinfos submitted.

Comment 6 Thorsten Kukuk 2005-10-25 07:05:24 UTC

Everything is submitted.

Comment 7 Ludwig Nussel 2005-10-25 07:34:41 UTC

Please read and obey the following best practice guideline next time, thanks.
http://w3d.suse.de/Dev/Components/Packages/PackMan/pm_pr_fixing_bug.html#pm_pr_fb_bt_security_bugs

Patchinfos are not yet checked in, no updates released yet => Bug still open for security team.

Comment 8 Thorsten Kukuk 2005-10-25 07:43:38 UTC

Please read bugzilla guidline of TPMs: A bug has to be closed, if developer
has fixed and submitted everything to autobuild.

If security team needs something for tracking they should use SWAMP, that is a progress tracking tool. Bugzilla is not such a tool, especially since developers have no influence on next steps.

Comment 9 Ludwig Nussel 2005-10-25 07:56:53 UTC

here we go again

Comment 10 Marcus Meissner 2005-11-07 09:59:44 UTC

approved and advisory released.

Comment 11 Marcus Meissner 2005-11-18 10:38:31 UTC

CVE-2005-3503

"chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other operating systems, does not properly check arguments for the GECOS field, which allows local users to gain privileges."

Comment 12 Thomas Biege 2009-10-13 21:44:17 UTC

CVE-2005-3503: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)