Lucene search

[email protected]NVD:CVE-2009-2482

HistoryJul 16, 2009 - 4:30 p.m.

CVE-2009-2482

2009-07-1616:30:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

High

EPSS

Percentile

5.1%

JSON

The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group.

Affected configurations

Nvd

Node

netbsdnetbsdMatch4.0

netbsdnetbsdMatch4.0beta

netbsdnetbsdMatch4.0beta2

netbsdnetbsdMatch4.0.1

netbsdnetbsdMatch4.1

netbsdnetbsdMatch5.0

netbsdnetbsdMatch5.0rc3

VendorProductVersionCPE
netbsdnetbsd4.0cpe:2.3:o:netbsd:netbsd:4.0:*:*:*:*:*:*:*
netbsdnetbsd4.0cpe:2.3:o:netbsd:netbsd:4.0:beta:*:*:*:*:*:*
netbsdnetbsd4.0cpe:2.3:o:netbsd:netbsd:4.0:beta2:*:*:*:*:*:*
netbsdnetbsd4.0.1cpe:2.3:o:netbsd:netbsd:4.0.1:*:*:*:*:*:*:*
netbsdnetbsd4.1cpe:2.3:o:netbsd:netbsd:4.1:*:*:*:*:*:*:*
netbsdnetbsd5.0cpe:2.3:o:netbsd:netbsd:5.0:*:*:*:*:*:*:*
netbsdnetbsd5.0cpe:2.3:o:netbsd:netbsd:5.0:rc3:*:*:*:*:*:*

Vendor	Product	Version	CPE
netbsd	netbsd	4.0	cpe:2.3:o:netbsd:netbsd:4.0:::::::*
netbsd	netbsd	4.0	cpe:2.3:o:netbsd:netbsd:4.0:beta::::::
netbsd	netbsd	4.0	cpe:2.3:o:netbsd:netbsd:4.0:beta2::::::
netbsd	netbsd	4.0.1	cpe:2.3:o:netbsd:netbsd:4.0.1:::::::*
netbsd	netbsd	4.1	cpe:2.3:o:netbsd:netbsd:4.1:::::::*
netbsd	netbsd	5.0	cpe:2.3:o:netbsd:netbsd:5.0:::::::*
netbsd	netbsd	5.0	cpe:2.3:o:netbsd:netbsd:5.0:rc3::::::

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-004.txt.asc

osvdb.org/55284

secunia.com/advisories/35553

www.securityfocus.com/bid/35465

www.securitytracker.com/id?1022432

exchange.xforce.ibmcloud.com/vulnerabilities/51312

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2009-2482

prion1 cvelist1 cve1