CVE-2006-6614 in Linux
Summary
by MITRE
The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 08/10/2018
The vulnerability identified as CVE-2006-6614 resides within the Fully Automatic Installation (FAI) framework version 2.10.1 and potentially 3.1.2, presenting a critical security flaw in the system's logging mechanism. This issue manifests when the verbose mode is activated during installation processes, creating a scenario where sensitive authentication data becomes inadvertently exposed through improper file access controls. The FAI system, designed for automated server provisioning and configuration, fails to adequately protect privileged information during its operational logging activities, creating a significant attack surface for malicious actors seeking unauthorized system access.
The technical flaw stems from the save_log_local function implementation within FAI, which directly writes the root password hash to a log file located at /var/log/fai/current/fai.log. This function operates under the assumption that verbose mode logging should capture comprehensive system information for troubleshooting purposes, yet it fails to distinguish between general operational data and sensitive authentication credentials. The vulnerability is exacerbated by the file permissions assigned to the log file, which permit arbitrary copying operations when the fai-savelog utility is executed, effectively allowing unauthorized users to retrieve the password hash from the log file and potentially compromise system security. This represents a clear violation of information protection principles and demonstrates poor access control implementation.
The operational impact of this vulnerability extends beyond simple credential exposure, as it fundamentally undermines the security posture of systems relying on FAI for automated deployment. Attackers who gain access to the log file can immediately obtain the root password hash, enabling them to perform offline password cracking attacks or directly leverage the hash for system compromise. The vulnerability affects systems where FAI is used for server provisioning, particularly in enterprise environments where automated deployment tools are common. The exposure of password hashes through logging mechanisms violates fundamental security practices and creates opportunities for privilege escalation attacks that could lead to complete system compromise. This vulnerability aligns with CWE-312 (Sensitive Data Exposure) and represents a critical failure in secure logging practices as defined by security standards and best practices.
Mitigation strategies for this vulnerability require immediate implementation of proper file access controls and logging security measures. System administrators should modify file permissions on the fai.log file to prevent unauthorized copying operations and ensure that sensitive data is not stored in accessible locations during automated installation processes. The recommended approach involves implementing restrictive file permissions that prevent the fai-savelog utility from copying files containing authentication data, while also considering the implementation of secure logging practices that separate operational data from privileged information. Additionally, organizations should conduct regular security audits of automated deployment tools to identify similar vulnerabilities and implement proper access control mechanisms that align with the principle of least privilege as outlined in industry security frameworks. The vulnerability demonstrates the critical importance of secure configuration management and proper privilege separation in automated system deployment environments.