Lucene search
HistoryMar 23, 2006 - 8:06 p.m.
CVE-2006-1283
opiepasswd
opie
freebsd
root privileges
cve-2006-1283
security vulnerability
nvd
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.5 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
25.6%
opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.
Affected configurations
Node
freebsdfreebsdMatch1.1.5.1
ORfreebsdfreebsdMatch2.0
ORfreebsdfreebsdMatch2.0.5
ORfreebsdfreebsdMatch2.1stable
ORfreebsdfreebsdMatch2.1.0
ORfreebsdfreebsdMatch2.1.5
ORfreebsdfreebsdMatch2.1.6
ORfreebsdfreebsdMatch2.1.6.1
ORfreebsdfreebsdMatch2.1.7
ORfreebsdfreebsdMatch2.1.7.1
ORfreebsdfreebsdMatch2.2
ORfreebsdfreebsdMatch2.2.1
ORfreebsdfreebsdMatch2.2.2
ORfreebsdfreebsdMatch2.2.3
ORfreebsdfreebsdMatch2.2.4
ORfreebsdfreebsdMatch2.2.5
ORfreebsdfreebsdMatch2.2.6
ORfreebsdfreebsdMatch2.2.7
ORfreebsdfreebsdMatch2.2.8
ORfreebsdfreebsdMatch3.0
ORfreebsdfreebsdMatch3.0releng
ORfreebsdfreebsdMatch3.1
ORfreebsdfreebsdMatch3.2
ORfreebsdfreebsdMatch3.3
ORfreebsdfreebsdMatch3.4
ORfreebsdfreebsdMatch3.5
ORfreebsdfreebsdMatch3.5stable
ORfreebsdfreebsdMatch3.5.1
ORfreebsdfreebsdMatch3.5.1release
ORfreebsdfreebsdMatch3.5.1stable
ORfreebsdfreebsdMatch4.0
ORfreebsdfreebsdMatch4.0alpha
ORfreebsdfreebsdMatch4.0releng
ORfreebsdfreebsdMatch4.1
ORfreebsdfreebsdMatch4.1.1
ORfreebsdfreebsdMatch4.1.1release
ORfreebsdfreebsdMatch4.1.1stable
ORfreebsdfreebsdMatch4.2
ORfreebsdfreebsdMatch4.2stable
ORfreebsdfreebsdMatch4.3
ORfreebsdfreebsdMatch4.3release
ORfreebsdfreebsdMatch4.3release_p38
ORfreebsdfreebsdMatch4.3releng
ORfreebsdfreebsdMatch4.3stable
ORfreebsdfreebsdMatch4.4
ORfreebsdfreebsdMatch4.4release_p42
ORfreebsdfreebsdMatch4.4releng
ORfreebsdfreebsdMatch4.4stable
ORfreebsdfreebsdMatch4.5
ORfreebsdfreebsdMatch4.5release
ORfreebsdfreebsdMatch4.5release_p32
ORfreebsdfreebsdMatch4.5releng
ORfreebsdfreebsdMatch4.5stable
ORfreebsdfreebsdMatch4.6
ORfreebsdfreebsdMatch4.6release
ORfreebsdfreebsdMatch4.6release_p20
ORfreebsdfreebsdMatch4.6releng
ORfreebsdfreebsdMatch4.6stable
ORfreebsdfreebsdMatch4.6.2
ORfreebsdfreebsdMatch4.7
ORfreebsdfreebsdMatch4.7release
ORfreebsdfreebsdMatch4.7release_p17
ORfreebsdfreebsdMatch4.7releng
ORfreebsdfreebsdMatch4.7stable
ORfreebsdfreebsdMatch4.8
ORfreebsdfreebsdMatch4.8pre-release
ORfreebsdfreebsdMatch4.8release_p7
ORfreebsdfreebsdMatch4.8releng
ORfreebsdfreebsdMatch4.9
ORfreebsdfreebsdMatch4.9pre-release
ORfreebsdfreebsdMatch4.9releng
ORfreebsdfreebsdMatch4.10
ORfreebsdfreebsdMatch4.10release
ORfreebsdfreebsdMatch4.10release_p8
ORfreebsdfreebsdMatch4.10releng
ORfreebsdfreebsdMatch4.11release_p3
ORfreebsdfreebsdMatch4.11releng
ORfreebsdfreebsdMatch4.11stable
ORfreebsdfreebsdMatch5.0
ORfreebsdfreebsdMatch5.0alpha
ORfreebsdfreebsdMatch5.0release_p14
ORfreebsdfreebsdMatch5.0releng
ORfreebsdfreebsdMatch5.1
ORfreebsdfreebsdMatch5.1alpha
ORfreebsdfreebsdMatch5.1release
ORfreebsdfreebsdMatch5.1release_p5
ORfreebsdfreebsdMatch5.1releng
ORfreebsdfreebsdMatch5.2
ORfreebsdfreebsdMatch5.2.1release
ORfreebsdfreebsdMatch5.2.1releng
ORfreebsdfreebsdMatch5.3
ORfreebsdfreebsdMatch5.3release
ORfreebsdfreebsdMatch5.3releng
ORfreebsdfreebsdMatch5.3stable
ORfreebsdfreebsdMatch5.4pre-release
ORfreebsdfreebsdMatch5.4release
ORfreebsdfreebsdMatch5.4releng
ORfreebsdfreebsdMatch5.4stable
ORfreebsdfreebsdMatch6.0release
ORfreebsdfreebsdMatch6.0stable
Related
openvas
openvas
FreeBSD Security Advisory (FreeBSD-SA-06:12.opie.asc)
2008-09-04 00:00:00
FreeBSD Security Advisory (FreeBSD-SA-06:12.opie.asc)
2008-09-04 00:00:00
nvd
nvd
CVE-2006-1283
2006-03-23 20:06:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-06:12.opie
2006-03-22 00:00:00
cvelist
cvelist
CVE-2006-1283
2006-03-23 20:00:00
freebsd
freebsd
OPIE -- arbitrary password change
2006-03-22 00:00:00
ubuntucve
ubuntucve
CVE-2006-1283
2006-03-23 00:00:00
prion
prion
Design/Logic Flaw
2006-03-23 20:06:00
securityvulns
securityvulns
FreeBSD Security Advisory FreeBSD-SA-06:12.opie
2006-03-22 00:00:00
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.5 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
25.6%
Related for CVE-2006-1283