Vulnerability Details CVE-2007-5686
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.1%
CVSS Severity
CVSS v2 Score 4.9
References
- http://secunia.com/advisories/27215
- http://www.securityfocus.com/archive/1/482129/100/100/threaded
- http://www.securityfocus.com/archive/1/482857/100/0/threaded
- http://www.securityfocus.com/bid/26048
- http://www.vupen.com/english/advisories/2007/3474
- https://issues.rpath.com/browse/RPL-1825
- http://secunia.com/advisories/27215
- http://www.securityfocus.com/archive/1/482129/100/100/threaded
- http://www.securityfocus.com/archive/1/482857/100/0/threaded
- http://www.securityfocus.com/bid/26048
- http://www.vupen.com/english/advisories/2007/3474
- https://issues.rpath.com/browse/RPL-1825
Products affected by CVE-2007-5686
-
cpe:2.3:o:rpath:rpath_linux:1