Lucene search

[email protected]CVE-2009-2482

HistoryJul 16, 2009 - 4:30 p.m.

CVE-2009-2482

2009-07-1616:30:00

CWE-264

[email protected]

web.nvd.nist.gov

pam_unix

openpam

netbsd

cve-2009-2482

security

vulnerability

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group.

Affected configurations

NVD

Node

netbsdnetbsdMatch4.0

netbsdnetbsdMatch4.0beta

netbsdnetbsdMatch4.0beta2

netbsdnetbsdMatch4.0.1

netbsdnetbsdMatch4.1

netbsdnetbsdMatch5.0

netbsdnetbsdMatch5.0rc3

CPENameOperatorVersion
netbsd:netbsdnetbsdeq4.0
netbsd:netbsdnetbsdeq4.0.1
netbsd:netbsdnetbsdeq4.1
netbsd:netbsdnetbsdeq5.0

CPE	Name	Operator	Version
netbsd:netbsd	netbsd	eq	4.0
netbsd:netbsd	netbsd	eq	4.0.1
netbsd:netbsd	netbsd	eq	4.1
netbsd:netbsd	netbsd	eq	5.0

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-004.txt.asc

osvdb.org/55284

secunia.com/advisories/35553

www.securityfocus.com/bid/35465

www.securitytracker.com/id?1022432

exchange.xforce.ibmcloud.com/vulnerabilities/51312

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2009-2482

nvd1 prion1 cvelist1