Debian GNU/Linux Local Information Disclosure Vulnerability
BID:17122
Info
Debian GNU/Linux Local Information Disclosure Vulnerability
| Bugtraq ID: | 17122 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 15 2006 12:00AM |
| Updated: | Mar 17 2006 05:55PM |
| Credit: | This issue was disclosed by the vendor. |
| Vulnerable: |
Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 |
| Not Vulnerable: | |
Discussion
Debian GNU/Linux Local Information Disclosure Vulnerability
Debian GNU/Linux is susceptible to a local information-disclosure vulnerability. This issue is due to the installation system improperly storing sensitive information in world-readable files.
This issue allows local users to gain access to sensitive information that may aid them in further attacks. If the affected computer was installed using an automated installation process, the pre-seeded superuser password may be available to attackers, facilitating the complete compromise of the computer.
Debian GNU/Linux is susceptible to a local information-disclosure vulnerability. This issue is due to the installation system improperly storing sensitive information in world-readable files.
This issue allows local users to gain access to sensitive information that may aid them in further attacks. If the affected computer was installed using an automated installation process, the pre-seeded superuser password may be available to attackers, facilitating the complete compromise of the computer.
Exploit / POC
Debian GNU/Linux Local Information Disclosure Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
Debian GNU/Linux Local Information Disclosure Vulnerability
Solution:
Debian has released fixed packages to address this issue. Please see the referenced bug report logs for further information.
Users are encouraged to use the 'apt-get' utility to download and install fixes.
Solution:
Debian has released fixed packages to address this issue. Please see the referenced bug report logs for further information.
Users are encouraged to use the 'apt-get' utility to download and install fixes.
References
Debian GNU/Linux Local Information Disclosure Vulnerability
References:
References:
- Debian Bug report logs - #254068 (Debian)
- Debian Bug report logs - #356845 (Debian)
- Debian Bug report logs - #356939 (Debian)
- Debian Homepage (Debian)