CVE-2006-1283

Name: CVE-2006-1283
Creator: NVD / NIST
Published: 2006-03-23T20:06:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.36%

Last modified Jun 16, 2026

CVE-2006-1283 is a vulnerability of currently unknown severity. opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.. EPSS estimates a 0.36% chance of exploitation in the next 30 days.

Description

opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.

Metrics

EPSS Probability

0.36%

28.0th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions	Update
Freebsd	Freebsd	1.1.5.1	—
Freebsd	Freebsd	2.0	—
Freebsd	Freebsd	2.0.5	—
Freebsd	Freebsd	2.1	Stable
Freebsd	Freebsd	2.1.0	—
Freebsd	Freebsd	2.1.5	—
Freebsd	Freebsd	2.1.6	—
Freebsd	Freebsd	2.1.6.1	—
Freebsd	Freebsd	2.1.7	—
Freebsd	Freebsd	2.1.7.1	—
Freebsd	Freebsd	2.2	—
Freebsd	Freebsd	2.2.1	—
Freebsd	Freebsd	2.2.2	—
Freebsd	Freebsd	2.2.3	—
Freebsd	Freebsd	2.2.4	—
Freebsd	Freebsd	2.2.5	—
Freebsd	Freebsd	2.2.6	—
Freebsd	Freebsd	2.2.7	—
Freebsd	Freebsd	2.2.8	—
Freebsd	Freebsd	3.0	—
Freebsd	Freebsd	3.1	—
Freebsd	Freebsd	3.2	—
Freebsd	Freebsd	3.3	—
Freebsd	Freebsd	3.4	—
Freebsd	Freebsd	3.5	—
Freebsd	Freebsd	3.5.1	—
Freebsd	Freebsd	4.0	—
Freebsd	Freebsd	4.1	—
Freebsd	Freebsd	4.1.1	—
Freebsd	Freebsd	4.2	—
Freebsd	Freebsd	4.3	—
Freebsd	Freebsd	4.4	—
Freebsd	Freebsd	4.5	—
Freebsd	Freebsd	4.6	—
Freebsd	Freebsd	4.6.2	—
Freebsd	Freebsd	4.7	—
Freebsd	Freebsd	4.8	—
Freebsd	Freebsd	4.9	—
Freebsd	Freebsd	4.10	—
Freebsd	Freebsd	4.11	Release P3
Freebsd	Freebsd	5.0	—
Freebsd	Freebsd	5.1	—
Freebsd	Freebsd	5.2	—
Freebsd	Freebsd	5.2.1	Release
Freebsd	Freebsd	5.3	—
Freebsd	Freebsd	5.4	Pre-Release
Freebsd	Freebsd	6.0	Release

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.ascPatch, Vendor Advisory
http://secunia.com/advisories/19347Vendor Advisory
http://securitytracker.com/id?1015817
http://www.osvdb.org/24067
http://www.securityfocus.com/bid/17194Patch
http://www.vupen.com/english/advisories/2006/1074Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25397
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.ascPatch, Vendor Advisory
http://secunia.com/advisories/19347Vendor Advisory
http://securitytracker.com/id?1015817
http://www.osvdb.org/24067
http://www.securityfocus.com/bid/17194Patch
http://www.vupen.com/english/advisories/2006/1074Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25397

Timeline

Published: Mar 23, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-1283?

How severe is CVE-2006-1283?

Severity scoring for CVE-2006-1283 is pending analysis. The EPSS model estimates a 0.36% probability of exploitation in the next 30 days.

How do I fix CVE-2006-1283?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-1283?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST