Vulnerability Name: CVE-2009-2482 (CCN-51312)
Assigned: 2009-06-22
Published: 2009-06-22
Updated: 2017-08-17
Summary: The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group.
CVSS v3 Severity:
  4.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N)
CVSS v2 Severity:
  6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
  5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  3.2 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:S/C:N/I:C/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-264
Vulnerability Consequences: Bypass Security
References:
  Source: CCN Type: NetBSD-SA2009-004 NetBSD OpenPAM passwd(1) changing weakness
  Source: NETBSD Type: UNKNOWN NetBSD-SA2009-004
  Source: MITRE Type: CNA CVE-2009-2482
  Source: OSVDB Type: UNKNOWN 55284
  Source: CCN Type: SA35553 NetBSD OpenPAM Security Bypass Weakness
  Source: SECUNIA Type: Vendor Advisory 35553
  Source: CCN Type: SECTRACK ID: 1022432 NetBSD OpenPAM passwd(1) May Let Certain Local Users Gain Elevated Privileges
  Source: CCN Type: OSVDB ID: 55284 NetBSD pam_unix Module (OpenPAM) Unauthorized root Password Reset
  Source: BID Type: UNKNOWN 35465
  Source: CCN Type: BID-35465 NetBSD 'pam_unix' Root Password Change Local Security Bypass Weakness
  Source: SECTRACK Type: UNKNOWN 1022432
  Source: XF Type: UNKNOWN netbsd-openpam-security-bypass(51312)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable