Local Password Change Vulnerability in OpenPAM for NetBSD
CVE-2009-2482
Currently unrated
What is CVE-2009-2482?
The pam_unix module in OpenPAM for NetBSD versions prior to 4.0.2 and 5.0.1 has a security flaw that lets a local user who already knows the current root password change it. The change is accepted even though the user lacks the privileges and group membership that are meant to restrict who may perform it.
