CVE-2009-2482

Executive Summary

Informations
Name	CVE-2009-2482	First vendor Publication	2009-07-16
Vendor	Cve	Last vendor Modification	2009-07-16

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	6.9	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2482

CWE : Common Weakness Enumeration

id	Name
CWE-264	Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Type	Description	Count
Os	Netbsd Netbsd cpe:/o:netbsd:netbsd:5.0 cpe:/o:netbsd:netbsd:5.0:rc3 cpe:/o:netbsd:netbsd:4.1 cpe:/o:netbsd:netbsd:4.0.1 cpe:/o:netbsd:netbsd:4.0:beta2 cpe:/o:netbsd:netbsd:4.0:beta cpe:/o:netbsd:netbsd:4.0	7

Open Source Vulnerability Database (OSVDB)

id	Description
55284	NetBSD pam_unix Module (OpenPAM) Unauthorized root Password Reset

Internal Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/35465
OSVDB	http://osvdb.org/55284
SECTRACK	http://www.securitytracker.com/id?1022432
SECUNIA	http://secunia.com/advisories/35553
XF	http://xforce.iss.net/xforce/xfdb/51312

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-10 23:53:59	Multiple Updates

Related	Severity
N/A

Copyright Security-Database 2006-2013 - Powered by themself ;) in 0.0239s

Facebook rss twitter linkedin mail