CVE-2007-5686

ADVISORY - debian

Summary

initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.

shadow (unimportant) See #290803, on Debian LOG_UNKFAIL_ENAB in login.defs is set to no so unknown usernames are not recorded on login failures

EPSS Score⁠: 0.00245 (0.479)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-264⁠

Permissions, Privileges, and Access Controls

Impacted images

Advisories

NIST

CREATED

18 years ago

UPDATED

1 month ago

ADVISORY IDCVE-2007-5686⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

4.9medium

Debian

CREATED

18 years ago

UPDATED

4 hours ago

ADVISORY IDCVE-2007-5686⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow