Lucene search

PRIOn knowledge basePRION:CVE-2006-1283

HistoryMar 23, 2006 - 8:06 p.m.

Design/Logic Flaw

2006-03-2320:06:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

23.4%

JSON

opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.

CPENameOperatorVersion
freebsdeq4.3 releng
freebsdeq4.1.1 stable
freebsdeq4.6 releng
freebsdeq4.8 release-p7
freebsdeq5.4 releng
freebsdeq5.3 release
freebsdeq3.1
freebsdeq4.1.1 release
freebsdeq3.0 releng
freebsdeq2.2.5

Name	Operator	Version
freebsd	eq	4.3 releng
freebsd	eq	4.1.1 stable
freebsd	eq	4.6 releng
freebsd	eq	4.8 release-p7
freebsd	eq	5.4 releng
freebsd	eq	5.3 release
freebsd	eq	3.1
freebsd	eq	4.1.1 release
freebsd	eq	3.0 releng
freebsd	eq	2.2.5

Rows per page:

1-10 of 1001

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc

secunia.com/advisories/19347

securitytracker.com/id?1015817

www.osvdb.org/24067

www.securityfocus.com/bid/17194

www.vupen.com/english/advisories/2006/1074

exchange.xforce.ibmcloud.com/vulnerabilities/25397

7.2 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

23.4%

JSON

Related for PRION:CVE-2006-1283