| CNNVD-ID编号 | CNNVD-200603-221 |
| CVE编号 | CVE-2006-1183 |
| 发布时间 | 2006-03-13 |
| 更新时间 | 2006-03-13 |
| 漏洞类型 | 设计错误 |
| 漏洞来源 | Discovered by Karl ?ie. |
| 危险等级 | 高危 |
| 威胁类型 | 本地 |
| 厂 商 | ubuntu |
Ubuntu 5.10安装器没有妥善从安装器记录文件(questions.dat)中清除掉口令,留下一个全域可读的记录文件,从而本地用户可取得特权。
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu initial-passwd-udeb_4.0.3-37ubuntu8_all.udeb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/initial-passwd-ud eb_4.0.3-37ubuntu8_all.udeb
Ubuntu login_4.0.3-37ubuntu8_amd64.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.3-37ubu ntu8_amd64.deb
Ubuntu login_4.0.3-37ubuntu8_i386.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.3-37ubu ntu8_i386.deb
Ubuntu login_4.0.3-37ubuntu8_powerpc.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.3-37ubu ntu8_powerpc.deb
Ubuntu passwd_4.0.3-37ubuntu8_amd64.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.3-37ub untu8_amd64.deb
Ubuntu passwd_4.0.3-37ubuntu8_i386.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.3-37ub untu8_i386.deb
Ubuntu passwd_4.0.3-37ubuntu8_powerpc.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.3-37ub untu8_powerpc.deb
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu initial-passwd-udeb_4.0.3-37ubuntu8_all.udeb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/initial-passwd-ud eb_4.0.3-37ubuntu8_all.udeb
Ubuntu login_4.0.3-37ubuntu8_amd64.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.3-37ubu ntu8_amd64.deb
Ubuntu login_4.0.3-37ubuntu8_i386.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.3-37ubu ntu8_i386.deb
Ubuntu login_4.0.3-37ubuntu8_powerpc.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.3-37ubu ntu8_powerpc.deb
Ubuntu passwd_4.0.3-37ubuntu8_amd64.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.3-37ub untu8_amd64.deb
Ubuntu passwd_4.0.3-37ubuntu8_i386.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.3-37ub untu8_i386.deb
Ubuntu passwd_4.0.3-37ubuntu8_powerpc.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.3-37ub untu8_powerpc.deb
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu initial-passwd-udeb_4.0.3-37ubuntu8_all.udeb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/initial-passwd-ud eb_4.0.3-37ubuntu8_all.udeb
Ubuntu login_4.0.3-37ubuntu8_amd64.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.3-37ubu ntu8_amd64.deb
Ubuntu login_4.0.3-37ubuntu8_i386.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.3-37ubu ntu8_i386.deb
Ubuntu login_4.0.3-37ubuntu8_powerpc.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.3-37ubu ntu8_powerpc.deb
Ubuntu passwd_4.0.3-37ubuntu8_amd64.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.3-37ub untu8_amd64.deb
Ubuntu passwd_4.0.3-37ubuntu8_i386.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.3-37ub untu8_i386.deb
Ubuntu passwd_4.0.3-37ubuntu8_powerpc.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.3-37ub untu8_powerpc.deb
来源: UBUNTU
名称: USN-262-1
链接:http://www.ubuntulinux.org/support/documentation/usn/usn-262-1
来源: launchpad.net
链接:https://launchpad.net/distros/ubuntu/+source/shadow/+bug/34606
来源: XF
名称: ubuntu-installer-password-disclosure(25170)
来源: BID
名称: 17086
来源: OSVDB
名称: 23868
来源: VUPEN
名称: ADV-2006-0927
来源: SECTRACK
名称: 1015761