ID de Prueba:	1.3.6.1.4.1.25623.1.0.56455
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Security Advisory (FreeBSD-SA-06:12.opie.asc)
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-06:12.opie.asc
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:12.opie.asc Vulnerability Insight: OPIE is a one-time password system designed to help to secure a system against replay attacks. It does so using a secure hash function and a challenge/response system. The opiepasswd(1) program is used to set up OPIE authentication for a user. OPIE is enabled by default on FreeBSD through PAM. The opiepasswd(1) program uses getlogin(2) to identify the user calling opiepasswd(1). In some circumstances getlogin(2) will return root even when running as an unprivileged user. This causes opiepasswd(1) to allow an unpriviled user to configure OPIE authentication for the root user. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-1283 BugTraq ID: 17194 http://www.securityfocus.com/bid/17194 FreeBSD Security Advisory: FreeBSD-SA-06:12 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc http://www.osvdb.org/24067 http://securitytracker.com/id?1015817 http://secunia.com/advisories/19347 http://www.vupen.com/english/advisories/2006/1074 XForce ISS Database: bsd-opie-unauthorized-privileges(25397) https://exchange.xforce.ibmcloud.com/vulnerabilities/25397
Copyright	Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.