Vulnerability Description
The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NetBSD | NetBSD | 4.0 |
Related Weaknesses (CWE)
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-004.txt.asc
- http://osvdb.org/55284
- http://secunia.com/advisories/35553 (Vendor Advisory)
- http://www.securityfocus.com/bid/35465
- http://www.securitytracker.com/id?1022432
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51312
FAQ
What is CVE-2009-2482?
CVE-2009-2482 is a vulnerability with a CVSS score of 6.9 (MEDIUM). The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group.
How severe is CVE-2009-2482?
CVE-2009-2482 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-2482?
Check the references section above for vendor advisories and patch information. Affected products include: NetBSD.