Description
The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.
Affected products
- Debian / base-config2.53.10 – 2.53.10
- Debian / shadow4.0.14 – 4.0.14
References
- VENDOR_ADVISORYhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939
- MISChttp://www.osvdb.org/23922
- VENDOR_ADVISORYhttp://secunia.com/advisories/19170