Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2006-1283
Last Modified 25 Aug 2011 12:00:00
Published 23 Mar 2006 03:06:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-1283

Summary

opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.

Vulnerable Systems

Operating System

  • FreeBSD 1.1.5.1

  • FreeBSD 2.0

  • FreeBSD 2.0.5

  • FreeBSD 2.1

  • FreeBSD 2.1.0

  • FreeBSD 2.1.5

  • FreeBSD 2.1.6

  • FreeBSD 2.1.6.1

  • FreeBSD 2.1.7

  • FreeBSD 2.1.7.1

  • FreeBSD 2.2

  • FreeBSD 2.2.1

  • FreeBSD 2.2.2

  • FreeBSD 2.2.3

  • FreeBSD 2.2.4

  • FreeBSD 2.2.5

  • FreeBSD 2.2.6

  • FreeBSD 2.2.7

  • FreeBSD 2.2.8

  • FreeBSD 3.0

  • FreeBSD 3.1

  • FreeBSD 3.2

  • FreeBSD 3.3

  • FreeBSD 3.4

  • FreeBSD 3.5

  • FreeBSD 3.5.1

  • FreeBSD 4.0

  • FreeBSD 4.1

  • FreeBSD 4.1.1

  • FreeBSD 4.10

  • FreeBSD 4.11

  • FreeBSD 4.2

  • FreeBSD 4.3

  • FreeBSD 4.4

  • FreeBSD 4.5

  • FreeBSD 4.6

  • FreeBSD 4.6.2

  • FreeBSD 4.7

  • FreeBSD 4.8

  • FreeBSD 4.9

  • FreeBSD 5.0

  • FreeBSD 5.1

  • FreeBSD 5.2

  • FreeBSD 5.2.1

  • FreeBSD 5.3

  • FreeBSD 5.4

  • FreeBSD 6.0


References

BID - 17194

FREEBSD - FreeBSD-SA-06:12

XF - bsd-opie-unauthorized-privileges(25397)

VUPEN - ADV-2006-1074

OSVDB - 24067

SECTRACK - 1015817

SECUNIA - 19347


Last Updated: 27 May 2016 10:42:00