CVE-2006-1058 — MEDIUM (5.5)

Q: What is CVE-2006-1058?

CVE-2006-1058 is a vulnerability with a CVSS score of 5.5 (MEDIUM). BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.

Q: How severe is CVE-2006-1058?

CVE-2006-1058 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-1058?

Check the references section above for vendor advisories and patch information. Affected products include: Busybox Busybox, Avaya Aura Application Enablement Services, Avaya Aura Sip Enablement Services, Avaya Message Networking, Avaya Messaging Storage Server.

Vulnerability Description

BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Busybox	Busybox	1.1.1
Avaya	Aura Application Enablement Services	4.01
Avaya	Aura Sip Enablement Services	< 5.0
Avaya	Message Networking	All versions
Avaya	Messaging Storage Server	>= 3.0, < 4.0

Related Weaknesses (CWE)

CWE-916

References

http://bugs.busybox.net/view.php?id=604Broken Link
http://secunia.com/advisories/19477Broken LinkVendor Advisory
http://secunia.com/advisories/25098Broken Link
http://secunia.com/advisories/25848Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2007-250.htmThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0244.htmlBroken Link
http://www.securityfocus.com/bid/17330Broken LinkThird Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/25569Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
http://bugs.busybox.net/view.php?id=604Broken Link
http://secunia.com/advisories/19477Broken LinkVendor Advisory
http://secunia.com/advisories/25098Broken Link
http://secunia.com/advisories/25848Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2007-250.htmThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0244.htmlBroken Link

FAQ

What is CVE-2006-1058?

CVE-2006-1058 is a vulnerability with a CVSS score of 5.5 (MEDIUM). BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.

How severe is CVE-2006-1058?

CVE-2006-1058 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-1058?

Check the references section above for vendor advisories and patch information. Affected products include: Busybox Busybox, Avaya Aura Application Enablement Services, Avaya Aura Sip Enablement Services, Avaya Message Networking, Avaya Messaging Storage Server.