Bug#360578: busybox: passwd uses null salt (weak encryption) [CVE-2006-1058]

To: Debian BTS Submit <submit@bugs.debian.org>
Subject: Bug#360578: busybox: passwd uses null salt (weak encryption) [CVE-2006-1058]
From: Martin Pitt <martin.pitt@ubuntu.com>
Date: Mon, 3 Apr 2006 14:03:36 +0200
Message-id: <[🔎] 20060403120336.GH5711@piware.de>
Reply-to: Martin Pitt <martin.pitt@ubuntu.com>, 360578@bugs.debian.org

Package: busybox
Version: 1.01-4
Severity: normal
Tags: security yatch

busybox' passwd always uses an empty salt for md5 passwords, so that
passwords can be broken much faster (with fast table-based
approaches). Please see [1] for the upstream bug report and [2] for
the Ubuntu patch.

Thank you,

Martin

[1] http://bugs.busybox.net/view.php?id=604
[2] http://patches.ubuntu.com/patches/busybox.CVE-2006-1058.diff

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: Bug#360506: installation-reports
Next by Date: Bug#360570: marked as done ((no subject))
Previous by thread: Bug#360570: marked as done ((no subject))
Next by thread: Bug#360121: install failed on P4S800 mobo with Geforce MX200 graphics card
Index(es):
- Date
- Thread