Summary
The remote host is missing a system update announced in the referenced advisory FreeBSD-SA-06:12.opie.asc.
Solution
Upgrade your system to the appropriate stable release or security branch dated after the correction date.
https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-06:12.opie.asc
Insight
OPIE is a one-time password system designed to help secure a system against replay attacks. It does so using a secure hash function and a challenge/response system. The opiepasswd(1) program is used to set up OPIE authentication for a user. OPIE is enabled by default on FreeBSD through PAM.
The opiepasswd(1) program uses getlogin(2) to identify the user calling opiepasswd(1). In some circumstances getlogin(2) will return root even when running as an unprivileged user. This causes opiepasswd(1) to allow an unprivileged user to configure OPIE authentication for the root user.
Severity
Classification
CVE: CVE-2006-1283
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C