CVE-2006-1283

Sažetak

opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.

Reference

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc
http://secunia.com/advisories/19347
http://securitytracker.com/id?1015817
http://www.osvdb.org/24067
http://www.securityfocus.com/bid/17194
http://www.vupen.com/english/advisories/2006/1074
https://exchange.xforce.ibmcloud.com/vulnerabilities/25397

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

20-07-2017 - 01:30

Objavljeno

23-03-2006 - 20:06