CVE-2006-1844

The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.

Published: Apr 19, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-1844
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
debian / base-config	2.53.10	2.53.10.x
debian / shadow	4.0.14	4.0.14.x

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939
http://secunia.com/advisories/19170
http://www.osvdb.org/23922

Vulnerability Database

289,697

CVE-2006-1844