livecd-tools: improper handling of passwords

2013.05.25
Credit: Brian C. Lane
Risk: High
Local: Yes
Remote: No
CVE: CVE-2013-2069
CWE: CWE-264


CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

https://bugzilla.redhat.com/show_bug.cgi?id=964299 The livecd-tools package provides support for reading and executing Kickstart files in order to create a system image. It was discovered that livecd-tools gave the root user an empty password rather than leaving the password locked in situations where no 'rootpw' directive was used or when the 'rootpw --lock' directive was used within the Kickstart file, which could allow local users to gain access to the root account. (CVE-2013-2069) Please note that livecd-tools is also used by appliance-tools to create images used for virtual machines, USB based systems, and so on. Additionally, the Python script components of livecd-tools have been broken out into a separate package named python-imgcreate on some distributions (such as Fedora). Acknowledgements: Red Hat would like to thank Amazon Web Services for reporting this issue. Amazon Web Services acknowledges Sylvain Beucler as the original reporter.

References:

http://seclists.org/oss-sec/2013/q2/398
https://aws.amazon.com/security/security-bulletins/red-hat-and-other-third-party-public-amis-security-concern/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top