Vulnerability CVE-2008-5103
Published: 2008-11-17   Modified: 2012-02-12

Description:
The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.

Type:

CWE-255

 (Credentials Management)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Dcgrendel -> Vmbuilder 

 References:
http://www.securityfocus.com/bid/32292
http://secunia.com/advisories/32697
https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841
http://xforce.iss.net/xforce/xfdb/46603
http://www.ubuntu.com/usn/usn-670-1
http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff
Copyright 2024, cxsecurity.com

 

Back to Top