CVE-2006-1844

Name of the Vulnerable Software and Affected Versions Debian installer for shadow version 4.0.14 Debian installer for base-config version 2.53.10

Description The issue concerns sensitive information being included in world-readable log files by the Debian installer. This information includes preseeded passwords and pppoeconf passwords, which could potentially allow local users to gain privileges.

Recommendations For shadow version 4.0.14, restrict access to the log files generated by the Debian installer to prevent unauthorized users from reading sensitive information. For base-config version 2.53.10, consider modifying the installer to exclude sensitive information from log files or apply appropriate permissions to limit access to these logs.