BSD Buffer Overflow Vulnerability

HIGH (7.2) Patch Available

Threat Intelligence

Low Risk
EPSS Score: 0.63% chance of exploitation (percentile: 70%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The BSD passwd buffer overflow vulnerability is a local privilege escalation issue in the passwd file of older BSD-based operating systems. The passwd file stores user information, including passwords and group memberships. An attacker can exploit this vulnerability by specifying a long shell or GECOS field in the passwd file, allowing them to gain root privileges.

Am I affected?

This vulnerability affects BSD-based operating systems 4.3 and earlier. To check if you're affected, run the following command on your system:

grep -q "long" /etc/passwd

Note that this command only checks for a specific string in the passwd file, which may not be present on all systems.
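
A more direct check for the condition described above, as an added example that is not part of the original page: it flags passwd entries whose GECOS or shell field is unusually long. The function names, the constructed sample entries and the 128-character threshold are assumptions, not values from the advisory.

```shell
#!/bin/sh
# Added example: flag passwd entries whose GECOS (field 5) or shell (field 7)
# is unusually long. The 128-character default is an assumed review threshold,
# not a limit taken from the advisory.

audit_passwd() {
    # $1 = passwd-format file ("-" for stdin), $2 = max field length
    awk -F: -v max="${2:-128}" '
        /^[ \t]*$/ { next }                       # ignore blank lines
        NF != 7 {                                 # passwd entries have 7 fields
            printf "line %d: malformed entry (%d fields)\n", NR, NF
            bad++; next
        }
        length($5) > max + 0 {
            printf "line %d: user %s: gecos field is %d chars\n", NR, $1, length($5)
            bad++
        }
        length($7) > max + 0 {
            printf "line %d: user %s: shell field is %d chars\n", NR, $1, length($7)
            bad++
        }
        END { exit (bad ? 1 : 0) }                # non-zero when anything is flagged
    ' "${1:--}"
}

# Constructed sample data (not from a real system): two normal entries,
# one with a 300-character GECOS field and one with a 200-character shell field.
sample_passwd() {
    long_gecos=$(printf '%300s' '' | tr ' ' 'A')
    long_shell=/$(printf '%199s' '' | tr ' ' 'B')
    printf '%s\n' \
        'root:*:0:0:Charlie Root:/root:/bin/sh' \
        'alice:*:1001:1001:Alice Example:/home/alice:/bin/csh' \
        "mallory:*:1002:1002:${long_gecos}:/home/mallory:/bin/sh" \
        "trent:*:1003:1003:Trent Example:/home/trent:${long_shell}"
}

# Demo: audit the constructed sample; on a real host pass /etc/passwd instead.
sample_passwd | audit_passwd - 128 || echo "review the flagged entries"
```

The function exits non-zero when any entry is flagged, so it can be used directly in a scheduled audit job.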

Version info: BSD 4.3 and earlier

Affected Products

BSD Group / BSD

How to fix

To fix this vulnerability, you can apply the patch from CERT (http://www.cert.org/advisories/CA-1989-01.html). Alternatively, you can immediately mitigate the issue by:

  • Restricting access to the passwd file using permissions or other security measures
  • Monitoring system logs for suspicious activity

Note that this vulnerability has a relatively low likelihood of exploitation (EPSS Score: 0.626%), making it a script kiddie-level exploit.