The pw_error(3) function was vulnerable to a format string attack.

Apply by doing:
       cd /usr/src
       patch -p0 < 025_pw_error.patch

And then rebuild and install libutil.
       cd lib/libutil
       make depend
       make
       make install

Index: lib/libutil/passwd.c
===================================================================
RCS file: /cvs/src/lib/libutil/passwd.c,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- lib/libutil/passwd.c        1998/11/16 07:10:32     1.20
+++ lib/libutil/passwd.c        2000/06/30 16:00:07     1.21
@@ -579,7 +579,7 @@
       char   *master = pw_file(_PATH_MASTERPASSWD);

       if (err)
-               warn(name);
+               warn("%s", name);
       if (master)
               warnx("%s: unchanged", master);
       pw_abort();
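
Review bot: on the changed line, warn("%s", name) hands a NULL pointer to %s if a caller passes a NULL name, whereas warn(3) accepts a NULL format and then prints only the program name and the errno text. The visible context does not show name being checked before use, so consider guarding the call: `if (name) warn("%s", name); else warn(NULL);`. The neighbouring warnx("%s: unchanged", master) already uses a constant format string and is guarded by `if (master)`, so it needs no change.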