Skip site navigation (1)Skip section navigation (2)
Date:              Fri, 10 Feb 1995 15:21:47 
From:      SMMCGEE@ncbc.ncbc.mn.org (Sean McGee)
To:        questions@FreeBSD.org
Subject:        Security Hole ?????
Message-ID:  <m0rd2sf-0002kvC@kksys.skypoint.net>

Next in thread | Raw E-Mail | Index | Archive | Help
The following is a transcript of a telnet session on my 2.0R host:
I logged in as a user with absolutely no rights whatsoever, with an 
account that has an expired password under 'chpass'.

><< Opened connection to jasper.ncbc.edu >>
>
>  FreeBSD (jasper.ncbc.edu) (ttyp0)
>
>login: skpearso
>Password:
>Sorry -- your password has expired.
>Changing local password for root.
>New password:
>Retype new password:
>passwd: rebuilding the database...
>passwd: done
>Last login: Fri Feb 10 13:10:40 from h004
>Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
>        The Regents of the University of California.   All rights reserved.
>
>FreeBSD 2.0-RELEASE
>
>login: /bin/csh: Permission denied
>
><< Connection closed by other end. >>

As you can see, I was able to change root's password as a user with no 
rights when my account password had expired. 

Is this a hole or am I missing something???

-sean



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?m0rd2sf-0002kvC>