The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group.
2009-07-16T16:30:00.453
2025-04-09T00:30:58.490
Deferred
CVSSv2: 6.9 (MEDIUM)
AV:L/AC:M/Au:N/C:C/I:C/A:C
3.4
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | netbsd | netbsd | 4.0 | Yes |
| Operating System | netbsd | netbsd | 4.0 | Yes |
| Operating System | netbsd | netbsd | 4.0 | Yes |
| Operating System | netbsd | netbsd | 4.0.1 | Yes |
| Operating System | netbsd | netbsd | 4.1 | Yes |
| Operating System | netbsd | netbsd | 5.0 | Yes |
| Operating System | netbsd | netbsd | 5.0 | Yes |