Local Privilege Escalation Vulnerability in Ubuntu Installer by Canonical
CVE-2006-1183

Currently unrated

Key Information:

Vendor: Ubuntu
Status: Ubuntu Linux
Vendor: CVE Published:; 13 March 2006

What is CVE-2006-1183?

The Ubuntu 5.10 installer is susceptible to a local privilege escalation vulnerability due to improper handling of passwords within the installer log file (questions.dat). This log file, which retains sensitive password information, is accessible with world-readable permissions, thereby potentially exposing local users to unauthorized access and privilege gains.

References

https://usn.ubuntu.com/262-1/

vendor-advisoryx_refsource_UBUNTU

https://launchpad.net/distros/ubuntu/+source/shadow/+bug/...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/17086

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2006
Vulnerability Reserved
Mar 13, 2006