| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.2 | $5k-$25k | 0.68 |
A vulnerability, which was classified as critical, was found in Ubuntu passwd 1:4.0.13. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was presented 07/18/2006 by Iwan Pieterse (Website). It is possible to read the advisory at ubuntu.com. This vulnerability is uniquely identified as CVE-2006-3597 since 07/14/2006. The exploitability is told to be easy. Attacking locally is a requirement. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 07/12/2021).
After before and not just, there has been an exploit disclosed. The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 27892 (Ubuntu 6.06 LTS : Installer vulnerability (USN-316-1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Ubuntu Local Security Checks.
It is possible to mitigate the problem by adding an authentication mechanism.
The vulnerability is also documented in the databases at X-Force (27891), Secunia (SA21022), Vulnerability Center (SBV-28975) and Tenable (27892).
Vendor
Name
VulDB Meta Base Score: 8.4
VulDB Meta Temp Score: 8.2
VulDB Base Score: 8.4
VulDB Temp Score: 8.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Class: Unknown
CWE: Unknown
ATT&CK: Unknown
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 27892
Nessus Name: Ubuntu 6.06 LTS : Installer vulnerability (USN-316-1)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
Threat Intelligence
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍Recommended: Authentication
Status: 🔍
0-Day Time: 🔍
07/12/2006 🔍
07/12/2006 🔍
07/13/2006 🔍
07/13/2006 🔍
07/14/2006 🔍
07/18/2006 🔍
07/18/2006 🔍
11/10/2007 🔍
01/05/2011 🔍
03/12/2015 🔍
01/05/2017 🔍
07/12/2021 🔍Vendor: https://www.ubuntu.com/
Advisory: ubuntu.com
Researcher: Iwan Pieterse
Status: Not defined
CVE: CVE-2006-3597 (🔍)
Secunia: 21022 – Ubuntu Installer Empty Root Password Security Issue, Less Critical
X-Force: 27891
Vulnerability Center: 28975 – Ubuntu 6.06 LTS may Leave the root Password Blank, Medium
OSVDB: 27091 – Ubuntu Linux Alternate/Server CD Installer Empty root Password
Created: 03/12/2015 14:25
Updated: 07/12/2021 17:11
Changes: (3) source_nessus_risk exploit_price_0day vulnerability_cvss2_nvd_basescore
Complete: 🔍
Check our Alexa App!
