Vulnerabilities > CVE-2006-1844 - Unspecified vulnerability in Debian Base-Config and Shadow

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

debian

NVD

Published: 2006-04-19

Updated: 2020-08-11

Summary

The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.

Vulnerable Configurations

Part	Description	Count
Application	Debian Debian Base Config 2.53.10 Debian Shadow 4.0.14	2

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939
http://secunia.com/advisories/19170
http://www.osvdb.org/23922