PT-2006-2835 · Debian · Base-Config+1

Joey Hess · Published 2006-04-19 · Updated 2020-08-11 · CVE-2006-1844

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Debian installer for shadow version 4.0.14
Debian installer for base-config version 2.53.10

Description

The issue concerns sensitive information being included in world-readable log files by the Debian installer. This information includes preseeded passwords and pppoeconf passwords, which could potentially allow local users to gain privileges.

Recommendations

For shadow version 4.0.14, restrict access to the log files generated by the Debian installer to prevent unauthorized users from reading sensitive information. For base-config version 2.53.10, consider modifying the installer to exclude sensitive information from log files or apply appropriate permissions to limit access to these logs.


Related Identifiers

CVE-2006-1844

Affected Products

Debian
Base-Config