CVE-2006-3597
First published: Tue Jul 18 2006(Updated: )
passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu Linux | =6.06_lts |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-3597?
CVE-2006-3597 is classified as a medium severity vulnerability due to the risk of root access.
How do I fix CVE-2006-3597?
To mitigate CVE-2006-3597, ensure that a root password is set immediately after installation and avoid using the 'Go Back' option during the installation process.
What impact does CVE-2006-3597 have on system security?
CVE-2006-3597 can lead to unauthorized root access if the password is left blank, compromising system security.
Which versions of Ubuntu are affected by CVE-2006-3597?
CVE-2006-3597 affects Ubuntu 6.06 LTS and earlier versions.
Is there a patch available for CVE-2006-3597?
There is no specific patch for CVE-2006-3597, but upgrading to a more recent version of Ubuntu resolves the vulnerability.
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ubuntu
- canonical/ubuntu linux
- version/ubuntu linux/6.06_lts