Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2482

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2009-2482
Last Modified 16 Jul 2009 12:00:00
Published 16 Jul 2009 12:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2482

Summary

The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group.

Vulnerable Systems

Operating System

  • Netbsd 4.0

  • Netbsd 4.0.1

  • Netbsd 4.1

  • Netbsd 5.0


References

XF - netbsd-openpam-security-bypass(51312)

SECTRACK - 1022432

BID - 35465

SECUNIA - 35553

OSVDB - 55284


Last Updated: 27 May 2016 10:50:54