CVE-2006-1844

5 documents5 sources
Severity
2.1LOW
EPSS
0.1%
top 78.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Base-configDebian Shadow
Timeline
PublishedApr 19
Latest updateMay 1

Description

The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

NVDdebian/base-config2.53.10
NVDdebian/shadow4.0.14
Debianshadow< 1:4.0.14-9+3

Patches

Patch: bugs.debian.orgPatch: www.osvdb.orgPatch: bugs.debian.org

🔴Vulnerability Details

3
GHSA
GHSA-f7w6-w5p4-76pj: The Debian installer for the (1) shadow 42022-05-01
CVEList
CVE-2006-1844: The Debian installer for the (1) shadow 42006-04-19
OSV
CVE-2006-1844: The Debian installer for the (1) shadow 42006-04-19

📋Vendor Advisories

1
Debian
CVE-2006-1844: shadow - The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packa...2006
CVE-2006-1844 (LOW CVSS 2.1) | The Debian installer for the (1) sh | cvebase.io