Package: busybox Version: 1.01-4 Severity: normal Tags: security yatch busybox' passwd always uses an empty salt for md5 passwords, so that passwords can be broken much faster (with fast table-based approaches). Please see [1] for the upstream bug report and [2] for the Ubuntu patch.
Thank you, Martin [1] http://bugs.busybox.net/view.php?id=604 [2] http://patches.ubuntu.com/patches/busybox.CVE-2006-1058.diff -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org In a world without walls and fences, who needs Windows and Gates?
signature.asc
Description: Digital signature
