Description
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Marc Bevand · textlocalopenbsd
https://www.exploit-db.com/exploits/22210
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6748
Various Sources x_refsource_misc
http://www.epita.fr/~bevand_m/asa/asa-0001
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1006035
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/309962
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11233
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3238
Scores
EPSS
0.0033
EPSS Percentile
55.8%
Details
CWE
CWE-200
Status
published
Products (13)
openbsd/openbsd
2.0
openbsd/openbsd
2.1
openbsd/openbsd
2.2
openbsd/openbsd
2.3
openbsd/openbsd
2.4
openbsd/openbsd
2.5
openbsd/openbsd
2.6
openbsd/openbsd
2.7
openbsd/openbsd
2.8
openbsd/openbsd
2.9
... and 3 more
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026