Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1183

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2006-1183
Last Modified 07 Mar 2011 09:32:20
Published 13 Mar 2006 07:18:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-1183

Summary

The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.

Vulnerable Systems

Operating System

  • Ubuntu Linux 5.10


References

UBUNTU - USN-262-1

CONFIRM - https://launchpad.net/distros/ubuntu/+source/shadow/+bug/34606

VUPEN - ADV-2006-0927

XF - ubuntu-installer-password-disclosure(25170)

BID - 17086

OSVDB - 23868

SECTRACK - 1015761

SECUNIA - 19200


Last Updated: 27 May 2016 10:41:58