FreeBSD Security Advisory (FreeBSD-SA-06:12.opie.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:12.opie.asc ADV FreeBSD-SA-06:12.opie.asc OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft In...

FreeBSD Security Advisory (FreeBSD-SA-06:12.opie.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:12.opie.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVE-2006-1283

opiepasswd in One-Time Passwords in Everything OPIE in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a...

Design/Logic Flaw

opiepasswd in One-Time Passwords in Everything OPIE in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a...

CVE-2006-1283

opiepasswd in One-Time Passwords in Everything OPIE in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a...

CVE-2006-1283

CVE-2006-1283 affects FreeBSD’s OPIE integration (opiepasswd) where getlogin(2) may return root for unprivileged users, allowing an attacker to configure OPIE for the root account and potentially gain root privileges if root login is permitted via sshd or wheel-group access. Affected: FreeBSD 4.1...

CVE-2006-1283

opiepasswd in One-Time Passwords in Everything OPIE in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a...

OPIE -- arbitrary password change

Problem Description The opiepasswd1 program uses getlogin2 to identify the user calling opiepasswd1. In some circumstances getlogin2 will return "root" even when running as an unprivileged user. This causes opiepasswd1 to allow an unpriviled user to configure OPIE authentication for the root user...