Описание
The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| shadow | fixed | 1:4.0.3-31sarge8 | sarge | package |
| base-config | not-affected | sarge | package | |
| shadow | fixed | 1:4.0.14-9 | package | |
| base-config | fixed | 2.68 | package |
Примечания
The installer is fixed separately, but the postinst of the shadow update
corrects permissions of a faulty install
seems to be a duplicate of CVE-2006-1376
Связанные уязвимости
The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.
The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.