Vulnerability Description
opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freebsd | Freebsd | 1.1.5.1 |
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.ascPatchVendor Advisory
- http://secunia.com/advisories/19347Vendor Advisory
- http://securitytracker.com/id?1015817
- http://www.osvdb.org/24067
- http://www.securityfocus.com/bid/17194Patch
- http://www.vupen.com/english/advisories/2006/1074Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25397
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.ascPatchVendor Advisory
- http://secunia.com/advisories/19347Vendor Advisory
- http://securitytracker.com/id?1015817
- http://www.osvdb.org/24067
- http://www.securityfocus.com/bid/17194Patch
- http://www.vupen.com/english/advisories/2006/1074Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25397
FAQ
What is CVE-2006-1283?
CVE-2006-1283 is a vulnerability with a CVSS score of 7.2 (HIGH). opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allo...
How severe is CVE-2006-1283?
CVE-2006-1283 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1283?
Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd.