CVE-2006-1183 - The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.d

CVE-2006-1183

Summary

The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.

References

http://secunia.com/advisories/19200
http://securitytracker.com/id?1015761
http://www.osvdb.org/23868
http://www.securityfocus.com/bid/17086
http://www.vupen.com/english/advisories/2006/0927
https://exchange.xforce.ibmcloud.com/vulnerabilities/25170
https://launchpad.net/distros/ubuntu/+source/shadow/+bug/34606
https://usn.ubuntu.com/262-1/

Vulnerable Configurations

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 03-10-2018 - 21:36)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	17086
confirm	https://launchpad.net/distros/ubuntu/+source/shadow/+bug/34606
osvdb	23868
sectrack	1015761
secunia	19200
ubuntu	USN-262-1
vupen	ADV-2006-0927
xf	ubuntu-installer-password-disclosure(25170)

Last major update

03-10-2018 - 21:36

Published

13-03-2006 - 12:18

Last modified

03-10-2018 - 21:36