PT-2006-4472 · Canonical · Ubuntu+1

Published: 2006-07-14 · Updated: 2008-09-05 · CVE-2006-3597

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

passwd version 1:4.0.13 and earlier on Ubuntu 6.06 LTS

Description

The issue occurs when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, causing the root password to be left blank instead of being locked. This happens because the password is zeroed out in the installer's memory.

Recommendations

For passwd version 1:4.0.13 and earlier on Ubuntu 6.06 LTS, ensure that the "Go Back" option is not selected after the final "Installation complete" message to prevent the root password from being left blank. Alternatively, manually set a strong root password after installation to mitigate the risk.
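
To check an installed system for the blank-instead-of-locked state described above, the following added example (not part of the advisory or of any Ubuntu tooling) classifies the password field of a shadow-format file. The function names and the sample file are assumptions made for illustration; the field semantics follow shadow(5).

```shell
#!/bin/sh
# Added example, not part of the advisory. Field 2 of a shadow entry:
#   empty            -> no password required (the state described above)
#   starts with ! or * -> locked / no valid hash
#   anything else    -> a password hash is set

# shadow_state ACCOUNT [FILE]: print blank | locked | set | missing
shadow_state() {
    awk -F: -v user="$1" '
        $1 == user {
            found = 1
            if ($2 == "")          print "blank"
            else if ($2 ~ /^[!*]/) print "locked"
            else                   print "set"
            exit
        }
        END { if (!found) print "missing" }
    ' "${2:-/etc/shadow}"
}

# blank_accounts [FILE]: list every account whose password field is empty
blank_accounts() {
    awk -F: '$2 == "" { print $1 }' "${1:-/etc/shadow}"
}

# Constructed sample (not real data): root is blank, as in the described bug.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root::13343:0:99999:7:::
daemon:*:13343:0:99999:7:::
alice:$1$constructed$notarealhashvalue000:13343:0:99999:7:::
backup:!:13343:0:99999:7:::
EOF

echo "root in sample: $(shadow_state root "$SAMPLE")"
echo "blank accounts: $(blank_accounts "$SAMPLE")"
```

Run as root without a file argument, both functions read `/etc/shadow`; a `blank` result for root is the condition the description warns about.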


Related Identifiers

CVE-2006-3597

Affected Products

Ubuntu
Passwd