Required CVE Record Information
Description
The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash.
References 5 Total
- secunia.com: 23330 third-party-advisory
- exchange.xforce.ibmcloud.com: fai-log-file-info-disclosure(30892) vdb-entry
- vupen.com: ADV-2006-4995 vdb-entry
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=402644
- securityfocus.com: 21579 vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- secunia.com: 23330 third-party-advisoryx_transferred
- exchange.xforce.ibmcloud.com: fai-log-file-info-disclosure(30892) vdb-entryx_transferred
- vupen.com: ADV-2006-4995 vdb-entryx_transferred
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=402644 x_transferred
- securityfocus.com: 21579 vdb-entryx_transferred