CVE-2001-1017
First published: Tue Sep 04 2001(Updated: )
rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeBSD Kernel | =4.2 | |
| FreeBSD Kernel | =4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-1017?
CVE-2001-1017 is considered a high severity vulnerability due to its potential for privilege escalation.
How do I fix CVE-2001-1017?
To remediate CVE-2001-1017, ensure that the rmuser utility does not create world-readable copies of sensitive files during execution.
Who is affected by CVE-2001-1017?
CVE-2001-1017 affects users of FreeBSD versions 4.2 and 4.3.
What can attackers do with CVE-2001-1017?
Attackers can exploit CVE-2001-1017 to read hashed passwords from the copied master.passwd file, potentially allowing them to crack user passwords.
When was CVE-2001-1017 discovered?
CVE-2001-1017 was disclosed in 2001 and relates to vulnerabilities present in older versions of FreeBSD.
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/last-modified-date
- agent/type
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/freebsd
- canonical/freebsd kernel
- version/freebsd kernel/4.2
- version/freebsd kernel/4.3