Family: Fedora Local Security Checks --> Category: infos
Fedora Core 4 2006-511: busybox Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the busybox package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory FEDORA-2006-511 (busybox).
Busybox is a single binary which includes versions of a large number
of system commands, including a shell. This package can be very
useful for recovering from certain types of system failures,
particularly those involving broken shared libraries.
The BusyBox passwd command does not use a proper salt when
generating passwords. This would create an instance where a
brute force attack could take very little time.
This problem is fixed in busybox-1.00-5.fc4.
Solution : Get the newest Fedora Updates
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.