PT-2006-2385 · Debian · Debian

Ferenczi Viktor

Published

2006-03-24

Updated

2017-07-20

CVE-2006-1376

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Debian GNU/Linux version 3.1r1

Description The issue concerns the installation of Debian GNU/Linux from the network install CD, which creates a log file with world writable permissions. This allows local users to cause a denial of service by consuming disk space.

Recommendations For Debian GNU/Linux version 3.1r1, consider changing the permissions of the /var/log/debian-installer/cdebconf file to prevent world writable access as a temporary workaround to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1376

Affected Products

Debian

PT-2006-2385 · Debian · Debian

CVE-2006-1376

Related Identifiers

Affected Products

References · 7