Vulnerability Database

317,094

Total vulnerabilities in the database

CVE-2009-2482

The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group.

Published: Jul 16, 2009
Updated: Nov 9, 2025
CVE: CVE-2009-2482
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
netbsd / netbsd	4.1	4.1.x
netbsd / netbsd	5.0	5.0.x
netbsd / netbsd	4.0	4.0.x
netbsd / netbsd	4.0-beta	4.0-beta.x
netbsd / netbsd	5.0-rc3	5.0-rc3.x
netbsd / netbsd	4.0.1	4.0.1.x
netbsd / netbsd	4.0-beta2	4.0-beta2.x

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-004.txt.asc
http://osvdb.org/55284
http://secunia.com/advisories/35553
http://www.securityfocus.com/bid/35465
http://www.securitytracker.com/id?1022432
https://exchange.xforce.ibmcloud.com/vulnerabilities/51312

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo