Ubuntu Linux本地安装口令泄露漏洞
| CNNVD-ID编号 | CNNVD-200603-221 | CVE编号 | CVE-2006-1183 |
| 发布时间 | 2006-03-13 | 更新时间 | 2006-03-13 |
| 漏洞类型 | 设计错误 | 漏洞来源 | Discovered by Karl ?ie. |
| 危险等级 | 高危 | 威胁类型 | 本地 |
| 厂商 | ubuntu | ||
漏洞介绍
Ubuntu 5.10安装器没有妥善从安装器记录文件(questions.dat)中清除掉口令,留下一个全域可读的记录文件,从而本地用户可取得特权。
漏洞补丁
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu initial-passwd-udeb_4.0.3-37ubuntu8_all.udeb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/initial-passwd-ud eb_4.0.3-37ubuntu8_all.udeb
Ubuntu login_4.0.3-37ubuntu8_amd64.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.3-37ubu ntu8_amd64.deb
Ubuntu login_4.0.3-37ubuntu8_i386.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.3-37ubu ntu8_i386.deb
Ubuntu login_4.0.3-37ubuntu8_powerpc.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.3-37ubu ntu8_powerpc.deb
Ubuntu passwd_4.0.3-37ubuntu8_amd64.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.3-37ub untu8_amd64.deb
Ubuntu passwd_4.0.3-37ubuntu8_i386.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.3-37ub untu8_i386.deb
Ubuntu passwd_4.0.3-37ubuntu8_powerpc.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.3-37ub untu8_powerpc.deb
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu initial-passwd-udeb_4.0.3-37ubuntu8_all.udeb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/initial-passwd-ud eb_4.0.3-37ubuntu8_all.udeb
Ubuntu login_4.0.3-37ubuntu8_amd64.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.3-37ubu ntu8_amd64.deb
Ubuntu login_4.0.3-37ubuntu8_i386.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.3-37ubu ntu8_i386.deb
Ubuntu login_4.0.3-37ubuntu8_powerpc.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.3-37ubu ntu8_powerpc.deb
Ubuntu passwd_4.0.3-37ubuntu8_amd64.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.3-37ub untu8_amd64.deb
Ubuntu passwd_4.0.3-37ubuntu8_i386.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.3-37ub untu8_i386.deb
Ubuntu passwd_4.0.3-37ubuntu8_powerpc.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.3-37ub untu8_powerpc.deb
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu initial-passwd-udeb_4.0.3-37ubuntu8_all.udeb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/initial-passwd-ud eb_4.0.3-37ubuntu8_all.udeb
Ubuntu login_4.0.3-37ubuntu8_amd64.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.3-37ubu ntu8_amd64.deb
Ubuntu login_4.0.3-37ubuntu8_i386.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.3-37ubu ntu8_i386.deb
Ubuntu login_4.0.3-37ubuntu8_powerpc.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.3-37ubu ntu8_powerpc.deb
Ubuntu passwd_4.0.3-37ubuntu8_amd64.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.3-37ub untu8_amd64.deb
Ubuntu passwd_4.0.3-37ubuntu8_i386.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.3-37ub untu8_i386.deb
Ubuntu passwd_4.0.3-37ubuntu8_powerpc.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.3-37ub untu8_powerpc.deb
参考网址
来源: UBUNTU
名称: USN-262-1
链接:http://www.ubuntulinux.org/support/documentation/usn/usn-262-1
来源: launchpad.net
链接:https://launchpad.net/distros/ubuntu/+source/shadow/+bug/34606
来源: XF
名称: ubuntu-installer-password-disclosure(25170)
链接:http://xforce.iss.net/xforce/xfdb/25170
来源: BID
名称: 17086
链接:http://www.securityfocus.com/bid/17086
来源: OSVDB
名称: 23868
来源: VUPEN
名称: ADV-2006-0927
链接:http://www.frsirt.com/english/advisories/2006/0927
来源: SECTRACK
名称: 1015761
链接:http://securitytracker.com/id?1015761
受影响实体
Ubuntu Ubuntu_linux:5.10信息来源
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200603-221
评论