Local Privilege Escalation Vulnerability in Debian Installer Components
CVE-2006-1844

Currently unrated

Key Information:

Vendor: Debian
Status: Base-config; Shadow
Vendor: CVE Published:; 19 April 2006

Summary

The Debian installer for certain package versions exposes sensitive data, including preseeded passwords and pppoeconf passwords, in world-readable log files. This oversight can allow local users to exploit the information, potentially leading to privilege escalation on the system.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939

x_refsource_CONFIRM

http://www.osvdb.org/23922

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/19170

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Apr 19, 2006