CVE-2009-2482

The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/35553	Vendor Advisory
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-004.txt.asc
http://www.securitytracker.com/id?1022432
http://www.securityfocus.com/bid/35465
http://osvdb.org/55284
https://exchange.xforce.ibmcloud.com/vulnerabilities/51312

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:netbsd:netbsd:4.0.1:::::::*
	cpe:2.3:o:netbsd:netbsd:4.0:beta::::::
	cpe:2.3:o:netbsd:netbsd:5.0:rc3::::::
	cpe:2.3:o:netbsd:netbsd:4.0:::::::*
	cpe:2.3:o:netbsd:netbsd:4.1:::::::*
	cpe:2.3:o:netbsd:netbsd:4.0:beta2::::::
	cpe:2.3:o:netbsd:netbsd:5.0:::::::*

Information

Published : 2009-07-16 09:30

Updated : 2017-08-16 18:30

NVD link : CVE-2009-2482

Mitre link : CVE-2009-2482

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

netbsd

netbsd

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/advisories/35553", "name": "35553", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-004.txt.asc", "name": "NetBSD-SA2009-004", "tags": [], "refsource": "NETBSD"}, {"url": "http://www.securitytracker.com/id?1022432", "name": "1022432", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/35465", "name": "35465", "tags": [], "refsource": "BID"}, {"url": "http://osvdb.org/55284", "name": "55284", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51312", "name": "netbsd-openpam-security-bypass(51312)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-2482", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-07-16T16:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:4.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:4.0:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.0:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:4.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:30Z"}

6.9 /10