First posted to BugTraq by Chad Price <cprice@MOLBIO.UNMC.EDU> on June 10, 1999.
Sun Solaris 7.0
The Solaris useradd binary shipped with Solaris 7.0 has a bug which can possibly allow users who are supposed to be expired by a certain time to login. The problem with useradd is the interpretation of the value passed after the paramater -e (expire). If one were to use useradd to set an expiry date the following way, :
the interpretation would be 'June 30, 2020'. The consequence of this vulnerability is having expired users having access to the vulnerable host.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: email@example.com.