Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1844

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2006-1844
Last Modified 05 Sep 2008 05:02:59
Published 19 Apr 2006 12:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-1844

Summary

The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.

Vulnerable Systems

Application

  • Debian Base-config 2.53.10

  • Debian Shadow-utils 4.0.14


References

OSVDB - 23922

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939

SECUNIA - 19170


Last Updated: 27 May 2016 10:42:14