CVE-2006-3597

Published: Jul 18, 2006Modified: Apr 16, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.

Affected (1)

Products: Ubuntu: Ubuntu Linux

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ubuntu Ubuntu Linux	Version 6.06_lts

References (6)

http://secunia.com/advisories/21022

Source: cve@mitre.org

PatchVendor Advisory

http://www.osvdb.org/27091

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-316-1

Source: cve@mitre.org

ExploitPatch

http://secunia.com/advisories/21022

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.osvdb.org/27091

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-316-1

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

Timeline

No history available yet.