cvelistv5 - cve-2006-1058

CVE-2006-1058 (GCVE-0-2006-1058)

Vulnerability from cvelistv5

Published

2006-04-04 10:00

Modified

2024-08-07 16:56

Severity ?

CWE

Summary

BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.

References

URL

Tags

	http://secunia.com/advisories/25098	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/17330	vdb-entry, x_refsource_BID
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/19477	third-party-advisory, x_refsource_SECUNIA
	http://bugs.busybox.net/view.php?id=604	x_refsource_CONFIRM
	http://secunia.com/advisories/25848	third-party-advisory, x_refsource_SECUNIA
	http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2007-0244.html	vendor-advisory, x_refsource_REDHAT
	https://exchange.xforce.ibmcloud.com/vulnerabilities/25569	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:56:15.493Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25098",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25098"
          },
          {
            "name": "17330",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17330"
          },
          {
            "name": "oval:org.mitre.oval:def:9483",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483"
          },
          {
            "name": "19477",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19477"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.busybox.net/view.php?id=604"
          },
          {
            "name": "25848",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25848"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm"
          },
          {
            "name": "RHSA-2007:0244",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0244.html"
          },
          {
            "name": "busybox-passwd-weak-security(25569)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25569"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-12-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "25098",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25098"
        },
        {
          "name": "17330",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17330"
        },
        {
          "name": "oval:org.mitre.oval:def:9483",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483"
        },
        {
          "name": "19477",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19477"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.busybox.net/view.php?id=604"
        },
        {
          "name": "25848",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25848"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm"
        },
        {
          "name": "RHSA-2007:0244",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0244.html"
        },
        {
          "name": "busybox-passwd-weak-security(25569)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25569"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-1058",
    "datePublished": "2006-04-04T10:00:00.000Z",
    "dateReserved": "2006-03-07T00:00:00.000Z",
    "dateUpdated": "2024-08-07T16:56:15.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2006-AVI-354

Vulnerability from certfr_avis

None

Description

De multiples vulnérabilités dans le noyau Linux de la branche 2.4 ont été identifiées. Elles permettent à un utilisateur distant de réaliser un déni de service. Elles permettent également à un utilisateur local de provoquer un déni de service, d'élever ses privilèges, de contourner la politique de sécurité ou de porter atteinte à la confidentialité des données du système vulnérable.

Solution

La version 2.4.33 de la branche 2.4 du noyau Linux corrige le problème :

http://www.kernel.org/

Les noyaux Linux de la branche 2.4 versions 2.4.32 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Liste des changements apportés à la version 2.4.33 du noyau Linux	None	vendor-advisory
Liste des changements apportés à la version 2.4.33 du noyau Linux :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLes noyaux Linux de la branche 2.4  versions 2.4.32 et ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de la branche 2.4 ont\n\u00e9t\u00e9 identifi\u00e9es. Elles permettent \u00e0 un utilisateur distant de r\u00e9aliser\nun d\u00e9ni de service. Elles permettent \u00e9galement \u00e0 un utilisateur local de\nprovoquer un d\u00e9ni de service, d\u0027\u00e9lever ses privil\u00e8ges, de contourner la\npolitique de s\u00e9curit\u00e9 ou de porter atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es du syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nLa version 2.4.33 de la branche 2.4 du noyau Linux corrige le probl\u00e8me :\n\n    http://www.kernel.org/\n",
  "cves": [
    {
      "name": "CVE-2006-1525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1525"
    },
    {
      "name": "CVE-2006-1858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1858"
    },
    {
      "name": "CVE-2006-2271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2271"
    },
    {
      "name": "CVE-2006-2272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2272"
    },
    {
      "name": "CVE-2006-0039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0039"
    },
    {
      "name": "CVE-2006-1058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1058"
    },
    {
      "name": "CVE-2006-1857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1857"
    },
    {
      "name": "CVE-2006-1864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1864"
    },
    {
      "name": "CVE-2006-2274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2274"
    }
  ],
  "initial_release_date": "2006-08-14T00:00:00",
  "last_revision_date": "2006-08-14T00:00:00",
  "links": [
    {
      "title": "Liste des changements apport\u00e9s \u00e0 la version 2.4.33 du noyau    Linux :",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33"
    }
  ],
  "reference": "CERTA-2006-AVI-354",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s du noyau Linux 2.4",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Liste des changements apport\u00e9s \u00e0 la version 2.4.33 du noyau Linux",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-1058 (GCVE-0-2006-1058)

Vulnerability from cvelistv5

CERTA-2006-AVI-354

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature