CVE-2006-1183

Ubuntu Linux 5.10 - Unprotected Password Exposure via Installer Log File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1183. PoCs published by Kristian Hermansen.

AI-analyzed exploit summary This exploit reads plaintext passwords from Ubuntu Breezy installation logs stored in `/var/log/installer/cdebconf/questions.dat` or `/var/log/debian-installer/cdebconf/questions.dat`. It extracts user details, including real name, username, and password, by parsing the log files.

Description

The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kristian Hermansen · perllocallinux

https://www.exploit-db.com/exploits/1579

View Code ZIP pw:eip

This exploit reads plaintext passwords from Ubuntu Breezy installation logs stored in `/var/log/installer/cdebconf/questions.dat` or `/var/log/debian-installer/cdebconf/questions.dat`. It extracts user details, including real name, username, and password, by parsing the log files.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Ubuntu Breezy (specific version not specified)

No auth needed

Prerequisites: Access to the target system's filesystem · Presence of vulnerable log files with readable permissions

MITRE ATT&CK