'useradd -p' problems.
From: joetesta@hushmail.com
Date: 08/28/01
Message-Id: <200108281828.f7SIS4s69323@mailserver1.hushmail.com>
From: joetesta@hushmail.com
To: vuln-dev@securityfocus.com
Subject: 'useradd -p' problems.
Date: Tue, 28 Aug 2001 11:28:04 -0700
Hi --
On my Trustix 1.2 box, I noticed that creating a user with 'useradd' and
the '-p' option (which gives the new user a default password) does not hash
the password in /etc/shadow:
root@hogs /# cat /etc/redhat-release
Trustix Secure Linux release 1.2 (Anywhere)
root@hogs /# useradd -p h4x0r lordspankatron
root@hogs /# tail -2 /etc/shadow
johnnyuser:$1$JiUjVlWa$gnfXvKsHUxnjoIPGmkt/1.:11562:0:99999:7:-1:-1:2147482240
lordspankatron:h4x0r:11562:0:99999:7:::
This bug doesn't seem exploitable for two reasons:
1.) The user cannot log in with the supplied password because
MD5( password_supplied_at_login_prompt ) != unhashed_password_in_shadow_file
2.) /etc/shadow exists in mode 0400, so no one besides the super-user
can read it anyway.
BUT... never say never. I can't think of a practical environment where
this can be abused, and thus, I submit this report to the Vuln-Dev
wizards. =]
[This just in: I've confirmed that this works on Redhat 7.1 too.]
- Joe Testa
e-mail: joetesta@hushmail.com
web page: http://hogs.rit.edu/~joet
AIM: LordSpankatron
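
An added example, not part of the original post: a small audit that flags shadow entries whose password field is not in a crypt(3) hash format, which is how the lordspankatron entry above looks after 'useradd -p' stored its argument verbatim. The first two sample lines are taken from the post, the last two are constructed, and the function names are hypothetical.

```python
import re

# Modular crypt format: $id$[params$]salt$hash (e.g. $1$ for MD5-crypt).
MODULAR = re.compile(r"^\$[0-9a-zA-Z-]+\$[^:\s]+$")
# Traditional DES crypt: exactly 13 characters from the crypt alphabet.
# Caveat: a 13-character alphanumeric cleartext value would also match this.
DES = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify(field):
    """Classify the password (second) field of a shadow(5) entry."""
    if field == "":
        return "empty"          # no password set at all
    if field[0] in "!*":
        return "locked"         # locked or login-disabled account
    if MODULAR.match(field) or DES.match(field):
        return "hashed"
    return "not-a-hash"         # stored verbatim, as in the post


def audit(shadow_text):
    """Return (user, classification) for every entry that needs attention."""
    findings = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue            # malformed line, nothing to classify
        kind = classify(parts[1])
        if kind in ("empty", "not-a-hash"):
            findings.append((parts[0], kind))
    return findings


# Lines 1-2 are from the post; lines 3-4 are constructed sample entries.
SAMPLE = """\
johnnyuser:$1$JiUjVlWa$gnfXvKsHUxnjoIPGmkt/1.:11562:0:99999:7:-1:-1:2147482240
lordspankatron:h4x0r:11562:0:99999:7:::
daemon:*:11562:0:99999:7:::
newacct:!!:11562:0:99999:7:::
"""

if __name__ == "__main__":
    for user, kind in audit(SAMPLE):
        print(f"{user}: password field is {kind}")
```

To check a real system, pass the contents of /etc/shadow (read as root) to audit() instead of SAMPLE.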