VULHUB ™

FreeBSD Security Advisory FreeBSD-SA-02:02 - When creating, removing, or modifying system users, the pw utility modifies the system password file '/etc/master.passwd'. This file contains the users' encrypted passwords and is normally only readable by root. During the modification, a temporary copy of the file is created. However, this temporary file is mistakenly created with permissions that allow it to be read by any user. A race condition is created.

FreeBSD Security Advisory FreeBSD-SA-02:02 - When creating, removing, or modifying system users, the pw utility modifies the system password file '/etc/master.passwd'. This file contains the users' encrypted passwords and is normally only readable by root. During the modification, a temporary copy of the file is created. However, this temporary file is mistakenly created with permissions that allow it to be read by any user. A race condition is created.