CVE-2006-1058

Description

BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.

CVSS breakdown

Affected products

• Avaya / aura_application_enablement_services4.01 – 4.01
• Avaya / aura_application_enablement_services4.1 – 4.1
• Avaya / aura_sip_enablement_services5.0
• Avaya / message_networking
• Avaya / messaging_storage_server3.0 – 4.0
• BusyBox / BusyBox1.1.1 – 1.1.1

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/25098
• MISChttp://www.securityfocus.com/bid/17330
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483
• VENDOR_ADVISORYhttp://secunia.com/advisories/19477
• MISChttp://bugs.busybox.net/view.php?id=604
• VENDOR_ADVISORYhttp://secunia.com/advisories/25848
• MISChttp://support.avaya.com/elmodocs2/security/ASA-2007-250.htm
• MISChttp://www.redhat.com/support/errata/RHSA-2007-0244.html
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/25569