\'useradd -p\' problems.

From: joetestaat_private
Date: Tue Aug 28 2001 - 11:28:04 PDT

  • Next message: Sven Kamphuis: "Re: Micro$oft wants to dominate the world!??"

    -----BEGIN PGP SIGNED MESSAGE-----
    
    Hi --
    
        On my Trustix 1.2 box, I noticed that creating a user with 'useradd' and
    the '-p' option (which gives the new user a default password) does not hash
    the password in /etc/shadow:
    
    
    root@hogs /# cat /etc/redhat-release
    Trustix Secure Linux release 1.2 (Anywhere)
    root@hogs /# useradd -p h4x0r lordspankatron
    root@hogs /# tail -2 /etc/shadow
    johnnyuser:$1$JiUjVlWa$gnfXvKsHUxnjoIPGmkt/1.:11562:0:99999:7:-1:-1:2147482240
    lordspankatron:h4x0r:11562:0:99999:7:::
    
    
    
    This bug doesn't seem exploitible for two reasons:
    
        1.)  The user cannot log in with the supplied password because
    MD5( password_supplied_at_login_prompt ) != unhashed_password_in_shadow_file
        2.)  /etc/shadow exists in mode 0400, so no one besides the super-user
    can read it anyway.
    
    
        BUT... never say never.  I can't think of a practical environment where
    this can be abused, and thus, I submit this report to the Vuln-Dev
    wizards.  =]
        [This just in:  I've confirmed that this works on Redhat 7.1 too.]
    
    
    
        - Joe Testa
    
    e-mail:   joetestaat_private
    web page: http://hogs.rit.edu/~joet
    
    AIM:      LordSpankatron
    
    
    -----BEGIN PGP SIGNATURE-----
    Version: Hush 2.0
    
    wl0EARECAB0FAjuL4xIWHGpvZXRlc3RhQGh1c2htYWlsLmNvbQAKCRA/wHT6vruBNA1x
    AKCR3LpGyouIg7REDMwYSBsnsJsuTQCeMF8n3PccwTDT2nhZmz9hCBvzW0Q=
    =Gurv
    -----END PGP SIGNATURE-----
    



    This archive was generated by hypermail 2b30 : Tue Aug 28 2001 - 12:48:19 PDT