Lucene search

[email protected]CVE-2001-1017

HistoryMar 09, 2002 - 5:00 a.m.

CVE-2001-1017

2002-03-0905:00:00

[email protected]

web.nvd.nist.gov

freebsd

privilege escalation

password cracking

cve-2001-1017

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords.

Affected configurations

NVD

Node

freebsdfreebsdMatch4.2

freebsdfreebsdMatch4.3

CPENameOperatorVersion
freebsd:freebsdfreebsdeq4.2
freebsd:freebsdfreebsdeq4.3

CPE	Name	Operator	Version
freebsd:freebsd	freebsd	eq	4.2
freebsd:freebsd	freebsd	eq	4.3

References

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:59.rmuser.v1.1.asc

www.osvdb.org/1947

www.securityfocus.com/bid/3282

exchange.xforce.ibmcloud.com/vulnerabilities/7086

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2001-1017

cvelist1 nvd1