CVE-2009-2482

EUVD-2009-2477
The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
netbsdnetbsd
4.0
netbsdnetbsd
4.0:beta
netbsdnetbsd
4.0:beta2
netbsdnetbsd
4.0.1
netbsdnetbsd
4.1
netbsdnetbsd
5.0
netbsdnetbsd
5.0:rc3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-004.txt.asc
http://osvdb.org/55284
http://secunia.com/advisories/35553
http://www.securityfocus.com/bid/35465
http://www.securitytracker.com/id?1022432
https://exchange.xforce.ibmcloud.com/vulnerabilities/51312
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-004.txt.asc
http://osvdb.org/55284
http://secunia.com/advisories/35553
http://www.securityfocus.com/bid/35465
http://www.securitytracker.com/id?1022432
https://exchange.xforce.ibmcloud.com/vulnerabilities/51312