Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1772

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2006-1772
Last Modified 05 Sep 2008 05:02:48
Published 13 Apr 2006 06:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-1772

Summary

debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogosearch-common 3.2.31-1 package, uses the world-readable config.dat file instead of the restricted passwords.dat for storing the cleartext database administrator password in the mnogosearch-common/database_admin_pass record, which allows local users to view the password.

Vulnerable Systems

Operating System

  • Debian Linux 3.1


References

BID - 17477

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361775

SECUNIA - 19589


Last Updated: 27 May 2016 10:42:10