cvelistv5 - cve-2006-1283

CVE-2006-1283 (GCVE-0-2006-1283)

Vulnerability from cvelistv5

Published

2006-03-23 20:00

Modified

2024-08-07 17:03

Severity ?

CWE

Summary

opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/25397	vdb-entry, x_refsource_XF
	http://securitytracker.com/id?1015817	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/17194	vdb-entry, x_refsource_BID
	ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc	vendor-advisory, x_refsource_FREEBSD
	http://secunia.com/advisories/19347	third-party-advisory, x_refsource_SECUNIA
	http://www.osvdb.org/24067	vdb-entry, x_refsource_OSVDB
	http://www.vupen.com/english/advisories/2006/1074	vdb-entry, x_refsource_VUPEN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:03:28.908Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "bsd-opie-unauthorized-privileges(25397)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25397"
          },
          {
            "name": "1015817",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015817"
          },
          {
            "name": "17194",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17194"
          },
          {
            "name": "FreeBSD-SA-06:12",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc"
          },
          {
            "name": "19347",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19347"
          },
          {
            "name": "24067",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/24067"
          },
          {
            "name": "ADV-2006-1074",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1074"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-03-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01.000Z",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "name": "bsd-opie-unauthorized-privileges(25397)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25397"
        },
        {
          "name": "1015817",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015817"
        },
        {
          "name": "17194",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17194"
        },
        {
          "name": "FreeBSD-SA-06:12",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc"
        },
        {
          "name": "19347",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19347"
        },
        {
          "name": "24067",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/24067"
        },
        {
          "name": "ADV-2006-1074",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1074"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secteam@freebsd.org",
          "ID": "CVE-2006-1283",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "bsd-opie-unauthorized-privileges(25397)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25397"
            },
            {
              "name": "1015817",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015817"
            },
            {
              "name": "17194",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17194"
            },
            {
              "name": "FreeBSD-SA-06:12",
              "refsource": "FREEBSD",
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc"
            },
            {
              "name": "19347",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19347"
            },
            {
              "name": "24067",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/24067"
            },
            {
              "name": "ADV-2006-1074",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1074"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2006-1283",
    "datePublished": "2006-03-23T20:00:00.000Z",
    "dateReserved": "2006-03-19T00:00:00.000Z",
    "dateUpdated": "2024-08-07T17:03:28.908Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2006-AVI-126

Vulnerability from certfr_avis

Une vulnérabilité dans un mécanisme d'authentification sous FreeBSD permet à un utilisateur mal intentionné d'élever ses privilèges.

Description

OPIE (One-time Passwords In Everything) est une mis en œuvre du système OTP (One-Time Password), un système basé sur des mots de passe dits jetables permettant de se prémunir contre les attaques par rejeu. Le programmme opiepasswd est utilisé afin de contôler l'authentification OPIE pour un utilisateur. Sous FreeBSD, le mécanisme OPIE est activé par défaut au travers de PAM (Pluggable Authentication Module). Une vulnérabilité dans ce mécanisme d'authentification OPIE permet à un utilisateur mal intentionné, dans certaines conditions, d'élever ses privilèges.

Contournement provisoire

Désactiver l'authentification par OPIE à travers PAM. Pour ceci, on pourra exécuter la commande :
```
sed -i "" -e /opie/s/^/#/ /etc/pam.d/*
```

enlever le drapeau setuid du binaire opiepasswd. Pour cela :

  chflags noschg /usr/bin/opiepasswd
  chmod 555 /usr/bin/opiepasswd
  chflags schg /usr/bin/opiepasswd

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Toutes les versions de FreeBSD.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité FreeBSD FreeBSD-SA-06:12.opie du 22 mars 2006	None	vendor-advisory
Bulletin de sécurité FreeBSD SA-06:12.opie du 22 mars 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eToutes les versions de FreeBSD.\u003c/p\u003e",
  "content": "## Description\n\nOPIE (One-time Passwords In Everything) est une mis en \u0153uvre du syst\u00e8me\nOTP (One-Time Password), un syst\u00e8me bas\u00e9 sur des mots de passe dits\njetables permettant de se pr\u00e9munir contre les attaques par rejeu. Le\nprogrammme opiepasswd est utilis\u00e9 afin de cont\u00f4ler l\u0027authentification\nOPIE pour un utilisateur. Sous FreeBSD, le m\u00e9canisme OPIE est activ\u00e9 par\nd\u00e9faut au travers de PAM (Pluggable Authentication Module). Une\nvuln\u00e9rabilit\u00e9 dans ce m\u00e9canisme d\u0027authentification OPIE permet \u00e0 un\nutilisateur mal intentionn\u00e9, dans certaines conditions, d\u0027\u00e9lever ses\nprivil\u00e8ges.\n\n## Contournement provisoire\n\n-   D\u00e9sactiver l\u0027authentification par OPIE \u00e0 travers PAM. Pour ceci, on\n    pourra ex\u00e9cuter la commande :\n\n        sed -i \"\" -e /opie/s/^/#/ /etc/pam.d/*\n\n-   enlever le drapeau setuid du binaire opiepasswd. Pour cela :\n\n         \n          chflags noschg /usr/bin/opiepasswd\n          chmod 555 /usr/bin/opiepasswd\n          chflags schg /usr/bin/opiepasswd\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-1283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1283"
    }
  ],
  "initial_release_date": "2006-03-23T00:00:00",
  "last_revision_date": "2006-03-23T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD SA-06:12.opie du 22 mars 2006    :",
      "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc"
    }
  ],
  "reference": "CERTA-2006-AVI-126",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-03-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans un m\u00e9canisme d\u0027authentification sous FreeBSD\npermet \u00e0 un utilisateur mal intentionn\u00e9 d\u0027\u00e9lever ses privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de l\u0027authentification OPIE dans FreeBSD",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD FreeBSD-SA-06:12.opie du 22 mars 2006",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-1283 (GCVE-0-2006-1283)

Vulnerability from cvelistv5

CERTA-2006-AVI-126

Vulnerability from certfr_avis

Description

Contournement provisoire

Solution

Tags

Sightings

Nomenclature