rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords.
FreeBSD rmuser /etc/master.passwd Local Password Hash Disclosure
Local Access Required
Loss of Confidentiality
Patch / RCS
FreeBSD contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when rmuser, run by root, writes its working copy of master.passwd with world-readable permissions; a local user who reads that copy while rmuser is running obtains the password hashes, resulting in a loss of confidentiality.
Upgrade to 4.3-STABLE or the RELENG_4_3 security branch dated after the respective correction date, as it has been reported to fix this vulnerability. It is also possible to mitigate the flaw with the following workaround: remove users with the pw(8) utility (pw userdel) instead of rmuser.
Also, FreeBSD has released a patch.
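The mechanism behind this entry is a generic one: a program that rewrites a 0600 file through a temporary copy inherits the caller's umask for that copy, so the hashes are exposed for as long as the copy exists. The following shell script is an added example written for this page; it is not FreeBSD's rmuser source (which was a Perl script) and does not touch the real /etc/master.passwd. It builds a constructed master.passwd under a scratch directory, reproduces the vulnerable creation pattern, and shows two hardened forms.

```shell
#!/bin/sh
# Added example (not FreeBSD's rmuser code): why a temporary copy of a 0600
# file ends up world-readable, and two ways to prevent it.
# All paths are constructed under a scratch directory.

WORK="$(mktemp -d)"
MASTER="$WORK/master.passwd"
# Constructed sample lines in master.passwd format (hashes are placeholders).
printf 'root:$1$placeholder$roothash:0:0::0:0:Charlie &:/root:/bin/csh\n' > "$MASTER"
printf 'alice:$1$placeholder$alicehash:1001:1001::0:0:Alice:/home/alice:/bin/sh\n' >> "$MASTER"
chmod 600 "$MASTER"

# Succeeds (exit 0) if the file grants read permission to "other".
world_readable() {
    [ -n "$(find "$1" -perm -004 2>/dev/null)" ]
}

# Vulnerable pattern: a shell redirection, like perl's open(F, ">file"),
# creates the new file with mode 0666 & ~umask. Under the usual umask 022
# that is 0644, so every local user can read the hashes until the copy is
# renamed over the original or removed. Prints the path of the copy.
unsafe_update() {
    tmp="$WORK/master.passwd.unsafe"
    ( umask 022; grep -v '^alice:' "$MASTER" > "$tmp" )
    printf '%s\n' "$tmp"
}

# Hardened pattern 1: narrow the umask around the creation so the copy is
# 0600 from the instant it exists; there is no window to close afterwards.
safe_update_umask() {
    tmp="$WORK/master.passwd.umask"
    ( umask 077; grep -v '^alice:' "$MASTER" > "$tmp" )
    printf '%s\n' "$tmp"
}

# Hardened pattern 2: let mktemp(1) create the file (it uses mode 0600) and
# only then write into it. A final mv(1) would replace the original
# atomically; it is left out here so the copies can be inspected.
safe_update_mktemp() {
    tmp="$(mktemp "$WORK/master.passwd.XXXXXX")"
    grep -v '^alice:' "$MASTER" > "$tmp"
    printf '%s\n' "$tmp"
}
```

Running the script and checking each returned path with `world_readable` shows the copy from `unsafe_update` as readable by other, and the two hardened copies as 0600. A chmod after the write does not fix the vulnerable form, because a local user polling the directory can open the file in the interval between creation and chmod; the permission has to be correct at creation time, which is what both hardened patterns arrange.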