CVE-2007-5686

ADVISORY - debian

Summary

initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.

shadow (unimportant) See #290803, on Debian LOG_UNKFAIL_ENAB in login.defs is set to no so unknown usernames are not recorded on login failures

EPSS Score⁠: 0.00245 (0.477)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-264⁠

Permissions, Privileges, and Access Controls

Impacted images

Advisories

Debian

CREATED

18 years ago

UPDATED

5 hours ago

ADVISORY IDCVE-2007-5686⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/shadow	deb	debian	12	>=1:4.13+dfsg1-1+deb12u1	Not yet available
debian/shadow	deb	debian	unstable	>=1:4.17.4-2	Not yet available
debian/shadow	deb	debian	11	>=1:4.8.1-1	Not yet available
debian/shadow	deb	debian	13	>=1:4.17.4-2	Not yet available

Severity and metrics

No CVSS data available from this advisory.

NIST