Description
The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group.
References (6)
Core References
http://www.securitytracker.com/id?1022432 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack)
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-004.txt.asc (Vendor Advisory; vendor-advisory; x_refsource_netbsd)
http://secunia.com/advisories/35553 (Vendor Advisory; third-party-advisory; x_refsource_secunia)
http://osvdb.org/55284 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_osvdb)
http://www.securityfocus.com/bid/35465 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51312 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_xf)
Scores
EPSS: 0.0005
EPSS Percentile: 16.1%
Details
CWE: CWE-264
Status: published
Products (4)
netbsd/netbsd 4.0 (3 CPE variants)
netbsd/netbsd 4.0.1
netbsd/netbsd 4.1
netbsd/netbsd 5.0 (2 CPE variants)
Published: Jul 16, 2009
Tracked Since: Feb 18, 2026