CVE-2006-6614

NameCVE-2006-6614
DescriptionThe save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs402644

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
fai (PTS)bullseye5.10.3fixed
bookworm6.0.3+deb12u1fixed
forky, sid, trixie6.4.3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
faisource(unstable)3.1.3low402644

Notes

[sarge] - fai <no-dsa> (Minor issue, only in rare configs and use cases)
Search for package or bug name: Reporting problems