Vulnerability Name: | CVE-2006-3597 (CCN-27891)
Assigned: | 2006-07-12
Published: | 2006-07-12
Updated: | 2008-09-05
Summary: | passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Privileges
References: |
Source: MITRE Type: CNA CVE-2006-3597
Source: CCN Type: SA21022 Ubuntu Installer Empty Root Password Security Issue
Source: SECUNIA Type: Patch, Vendor Advisory 21022
Source: OSVDB Type: UNKNOWN 27091
Source: CCN Type: OSVDB ID: 27091 Ubuntu Linux Alternate/Server CD Installer Empty root Password
Source: CCN Type: USN-316-1 installer vulnerability
Source: UBUNTU Type: Exploit, Patch USN-316-1
Source: XF Type: UNKNOWN ubuntu-passwd-password-privilege-escalation(27891)
Vulnerable Configuration: | Configuration 1:
Configuration CCN 1: