First published: Mon Dec 18 2006(Updated: )
The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Thomas Lange Fully Automated Installation | =2.1 | |
Thomas Lange Fully Automated Installation | =3.1.2 | |
Debian Debian Linux | =3.1 | |
Debian Debian Linux | =3.1 | |
Debian Debian Linux | =3.1 | |
Debian Debian Linux | =3.1 | |
Debian Debian Linux | =3.1 | |
Debian Debian Linux | =3.1 | |
Debian Debian Linux | =3.1 | |
Debian Debian Linux | =3.1 | |
Debian Debian Linux | =3.1 | |
Debian Debian Linux | =3.1 | |
Debian Debian Linux | =3.1 | |
Debian Debian Linux | =3.1 | |
Debian Debian Linux | =3.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.