CVE-2006-3597 : passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator se

passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.

Published 2006-07-18 15:37:00

Updated 2008-09-05 21:07:34

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2006-3597

Probability of exploitation activity in the next 30 days: 0.09%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 35 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-3597

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2006-3597

http://www.ubuntu.com/usn/usn-316-1

Exploit;Patch

Products affected by CVE-2006-3597

Ubuntu » Ubuntu Linux » Version: 6.06 Lts
cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-3597

Exploit prediction scoring system (EPSS) score for CVE-2006-3597

CVSS scores for CVE-2006-3597

References for CVE-2006-3597

Products affected by CVE-2006-3597