Vulnerability Description
debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogosearch-common 3.2.31-1 package, uses the world-readable config.dat file instead of the restricted passwords.dat for storing the cleartext database administrator password in the mnogosearch-common/database_admin_pass record, which allows local users to view the password.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 3.1 |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361775
- http://secunia.com/advisories/19589
- http://www.securityfocus.com/bid/17477
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361775
- http://secunia.com/advisories/19589
- http://www.securityfocus.com/bid/17477
FAQ
What is CVE-2006-1772?
CVE-2006-1772 is a vulnerability with a CVSS score of 7.2 (HIGH). debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogosearch-common 3.2.31-1 package, uses the world-readable config.dat file instead of the restricted passwords.dat for storing the cl...
How severe is CVE-2006-1772?
CVE-2006-1772 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1772?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux.