Test Kennung:	1.3.6.1.4.1.25623.1.0.56455
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Security Advisory (FreeBSD-SA-06:12.opie.asc)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:12.opie.asc OPIE is a one-time password system designed to help to secure a system against replay attacks. It does so using a secure hash function and a challenge/response system. The opiepasswd(1) program is used to set up OPIE authentication for a user. OPIE is enabled by default on FreeBSD through PAM. The opiepasswd(1) program uses getlogin(2) to identify the user calling opiepasswd(1). In some circumstances getlogin(2) will return root even when running as an unprivileged user. This causes opiepasswd(1) to allow an unpriviled user to configure OPIE authentication for the root user. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date http://www.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-06:12.opie.asc CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	BugTraq ID: 17194 Common Vulnerability Exposure (CVE) ID: CVE-2006-1283 http://www.securityfocus.com/bid/17194 FreeBSD Security Advisory: FreeBSD-SA-06:12 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc http://www.osvdb.org/24067 http://securitytracker.com/id?1015817 http://secunia.com/advisories/19347 http://www.vupen.com/english/advisories/2006/1074 XForce ISS Database: bsd-opie-unauthorized-privileges(25397) https://exchange.xforce.ibmcloud.com/vulnerabilities/25397
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.