Executive Summary

Information
Name : CVE-2009-2482
First vendor Publication : 2009-07-16
Vendor : Cve
Last vendor Modification : 2009-07-16

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score : 6.9
Attack Range : Local
Cvss Impact Score : 10
Attack Complexity : Medium
Cvss Exploit Score : 3.4
Authentication : None Required

Detail

The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2482

CWE : Common Weakness Enumeration

id : CWE-264
Name : Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Type : Os
Count : 7

Open Source Vulnerability Database (OSVDB)

id : 55284
Description : NetBSD pam_unix Module (OpenPAM) Unauthorized root Password Reset

Internal Sources (Detail)

BID : http://www.securityfocus.com/bid/35465
OSVDB : http://osvdb.org/55284
SECTRACK : http://www.securitytracker.com/id?1022432
SECUNIA : http://secunia.com/advisories/35553
XF : http://xforce.iss.net/xforce/xfdb/51312

Alert History

Date : 2013-05-10 23:53:59
Information : Multiple Updates