| ID |
CVE-2006-1058
|
| Summary |
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:busybox:busybox:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.1.1:*:*:*:*:*:*:*
-
cpe:2.3:a:avaya:message_networking:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:message_networking:*:*:*:*:*:*:*:*
-
cpe:2.3:a:avaya:aura_sip_enablement_services:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_sip_enablement_services:*:*:*:*:*:*:*:*
-
cpe:2.3:a:avaya:aura_application_enablement_services:4.01:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_enablement_services:4.01:*:*:*:*:*:*:*
-
cpe:2.3:a:avaya:aura_application_enablement_services:4.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_enablement_services:4.1:*:*:*:*:*:*:*
-
cpe:2.3:a:avaya:messaging_storage_server:3.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:messaging_storage_server:3.0:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 2.1 (as of 09-02-2024 - 03:05) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-916 |
| CAPEC |
-
Rainbow Table Password Cracking
An attacker gets access to the database table where hashes of passwords are stored. He then uses a rainbow table of pre-computed hash chains to attempt to look up the original password. Once the original password corresponding to the hash is obtained, the attacker uses the original password to gain access to the system. A password rainbow table stores hash chains for various passwords. A password chain is computed, starting from the original password, P, via a reduce(compression) function R and a hash function H. A recurrence relation exists where Xi+1 = R(H(Xi)), X0 = P. Then the hash chain of length n for the original password P can be formed: X1, X2, X3, ... , Xn-2, Xn-1, Xn, H(Xn). P and H(Xn) are then stored together in the rainbow table. Constructing the rainbow tables takes a very long time and is computationally expensive. A separate table needs to be constructed for the various hash algorithms (e.g. SHA1, MD5, etc.). However, once a rainbow table is computed, it can be very effective in cracking the passwords that have been hashed without the use of salt.
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
NONE |
NONE |
|
| cvss-vector
via4
|
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
| oval
via4
|
| accepted | 2013-04-29T04:19:41.563-04:00 | | class | vulnerability | | contributors | | name | Aharon Chernin | | organization | SCAP.com, LLC |
| name | Dragos Prisaca | | organization | G2, Inc. |
| | definition_extensions | | comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | | oval | oval:org.mitre.oval:def:11831 |
| comment | CentOS Linux 4.x | | oval | oval:org.mitre.oval:def:16636 |
| comment | Oracle Linux 4.x | | oval | oval:org.mitre.oval:def:15990 |
| | description | BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. | | family | unix | | id | oval:org.mitre.oval:def:9483 | | status | accepted | | submitted | 2010-07-09T03:56:16-04:00 | | title | BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. | | version | 29 |
|
| redhat
via4
|
| advisories | | bugzilla | | id | 1618027 | | title | CVE-2006-1058 security flaw |
| | oval | | OR | | comment | Red Hat Enterprise Linux must be installed | | oval | oval:com.redhat.rhba:tst:20070304026 |
| AND | | comment | Red Hat Enterprise Linux 4 is installed | | oval | oval:com.redhat.rhba:tst:20070304025 |
| OR | | AND | | comment | busybox is earlier than 0:1.00.rc1-7.el4 | | oval | oval:com.redhat.rhsa:tst:20070244001 |
| comment | busybox is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070244002 |
|
| AND | | comment | busybox-anaconda is earlier than 0:1.00.rc1-7.el4 | | oval | oval:com.redhat.rhsa:tst:20070244003 |
| comment | busybox-anaconda is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070244004 |
|
|
|
|
| | rhsa | | id | RHSA-2007:0244 | | released | 2007-05-01 | | severity | Low | | title | RHSA-2007:0244: busybox security update (Low) |
|
| | rpms | - busybox-0:1.00.rc1-7.el4
- busybox-anaconda-0:1.00.rc1-7.el4
- busybox-debuginfo-0:1.00.rc1-7.el4
|
|
| refmap
via4
|
| bid | 17330 | | confirm | | | secunia | | | xf | busybox-passwd-weak-security(25569) |
|
| statements
via4
|
| contributor | Mark J Cox | | lastmodified | 2006-09-19 | | organization | Red Hat | | statement | Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187385
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
This issue does not affect Red Hat Enterprise Linux 2.1 or 3. |
|
| Last major update |
09-02-2024 - 03:05 |
| Published |
04-04-2006 - 10:04 |
| Last modified |
09-02-2024 - 03:05 |
