CVE-2006-3597

4 documents4 sources

Severity

7.2HIGH

EPSS

0.1%

top 82.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ubuntu Ubuntu Linux

Timeline

PublishedJul 18

Latest updateMay 1

Description

passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages0 packages

Also affects: Ubuntu Linux 6.06_lts

Patches

Patch: secunia.com ↗Patch: www.ubuntu.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-hj97-79w3-656v: passwd before 1:4↗2022-05-01

▶

CVEList

CVE-2006-3597: passwd before 1:4↗2006-07-14

▶

📋Vendor Advisories

Debian

CVE-2006-3597: shadow - passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead...↗2006

▶