CVE-2006-2442

CVE-2006-2442 affects KPhone, a KDE VoIP client. The issue: kphone 4.2 creates the configuration file .qt/kphonerc with world-readable permissions, allowing local users to read usernames and SIP passwords. Connected advisories (Mandriva/MK, Debian DSA-1062-1, SUSE) confirm the root cause and stat...

CVE-2006-2442

kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords...

Default credentials

The 1 shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the 2 NetAccess database file has world readable and writable permissions, which allows local users to view sensitive...

CVE-2006-2045

The 1 shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the 2 NetAccess database file has world readable and writable permissions, which allows local users to view sensitive...

CVE-2006-2045

The 1 shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the 2 NetAccess database file has world readable and writable permissions, which allows local users to view sensitive...

CVE-2006-2045

CVE-2006-2045 concerns IP3 Networks NetAccess NA75. The shadow password file in na-img-4.0.34.bin is world-readable, enabling local users to view encrypted passwords; the NetAccess database file is world-readable and world-writable, enabling local users to view sensitive data and modify it. No ex...

DEBIAN-CVE-2006-1844

The Debian installer for the 1 shadow 4.0.14 and 2 base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges...

Default credentials

debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogosearch-common 3.2.31-1 package, uses the world-readable config.dat file instead of the restricted passwords.dat for storing the cleartext database administrator password in the mnogosearch-common/databaseadminpass record, which...

samba -- Exposure of machine account credentials in winbind log files

Samba Security Advisory: The machine trust account password is the secret shared between a domain controller and a specific member server. Access to the member server machine credentials allows an attacker to impersonate the server in the domain and gain access to additional information regarding...

Code injection

The Ubuntu 5.10 installer does not properly clear passwords from the installer log file questions.dat, and leaves the log file with world-readable permissions, which allows local users to gain privileges...

CVE-2006-1183

The Ubuntu 5.10 installer does not properly clear passwords from the installer log file questions.dat, and leaves the log file with world-readable permissions, which allows local users to gain privileges...

CVE-2006-1183

Summary (CVE-2006-1183) : The Ubuntu 5.10 installer leaves passwords in the installer log (questions.dat) and creates world-readable logs, enabling local privilege escalation. Affected component: the Ubuntu 5.10 installer’s logging mechanism. Root cause: passwords are not cleared from logs and lo...

CVE-2006-1183

The Ubuntu 5.10 installer does not properly clear passwords from the installer log file questions.dat, and leaves the log file with world-readable permissions, which allows local users to gain privileges...

CVE-2006-1183

The Ubuntu 5.10 installer does not properly clear passwords from the installer log file questions.dat, and leaves the log file with world-readable permissions, which allows local users to gain privileges...

[USN-262-1] Ubuntu 5.10 installer password disclosure

=========================================================== Ubuntu Security Notice USN-262-1 March 12, 2006 Ubuntu 5.10 installer vulnerability https://launchpad.net/bugs/34606 =========================================================== A security issue affects the following Ubuntu releases: Ubun...

Ubuntu 5.10 : Ubuntu 5.10 installer vulnerability (USN-262-1)

Karl Oie discovered that the Ubuntu 5.10 installer failed to clean passwords in the installer log files. Since these files were world-readable, any local user could see the password of the first user account, which has full sudo privileges by default. The updated packages remove the passwords and...

Ubuntu 5.10 Installer - Password Disclosure

Ubuntu 5.10 Installer - Password Disclosure !/usr/bin/perl -w use warnings; use strict; Author: Kristian Hermansen Date: 3/12/2006 Overview: Ubuntu Breezy stores the installation password in plain text Link: https://launchpad.net/distros/ubuntu/+source/shadow/+bug/34606 print "\n"; print "Kristia...

Code injection

IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for 1 /etc/neusecure.conf, 2 /opt/NeuSecure/etc/cms-3.0.236.buildconf, and 3 /opt/NeuSecure/bin/nsarchiver.log, which allows local users to read sensitive information such as passwords. NOTE: IBM has privately confirmed...

CVE-2006-0837

Affected product: IBM Tivoli Netcool/NeuSecure 3.0.236. Issue: world-readable permissions on (1) /etc/neusecure.conf, (2) /opt/NeuSecure/etc/cms-3.0.236.buildconf, and (3) /opt/NeuSecure/bin/ns_archiver.log, enabling local users to read sensitive information such as passwords. Impact: local infor...

CVE-2006-0837

IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for 1 /etc/neusecure.conf, 2 /opt/NeuSecure/etc/cms-3.0.236.buildconf, and 3 /opt/NeuSecure/bin/nsarchiver.log, which allows local users to read sensitive information such as passwords. NOTE: IBM has privately confirmed...