CVE-2006-1844

Debian Installer - Info Disclosure

Title source: llm

Description

The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.

References (3)

[Patch] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939

[Vendor Advisory] http://secunia.com/advisories/19170

[Patch] http://www.osvdb.org/23922

Scores

EPSS 0.0007

EPSS Percentile 20.9%

Classification

Status draft

Affected Products (2)

debian/base-config

debian/shadow

Timeline

Published Apr 19, 2006

Tracked Since Feb 18, 2026