CVE-2006-3597

passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.

Published: Jul 18, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-3597
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ubuntu / ubuntu_linux	6.06_lts	6.06_lts.x

http://secunia.com/advisories/21022
http://www.osvdb.org/27091
http://www.ubuntu.com/usn/usn-316-1

Vulnerability Database

289,599

CVE-2006-3597