CVE-2008-5103

Sažetak

The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.

Reference

http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff
http://osvdb.org/49996
http://secunia.com/advisories/32697
http://www.securityfocus.com/bid/32292
http://www.ubuntu.com/usn/usn-670-1
https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841
https://exchange.xforce.ibmcloud.com/vulnerabilities/46603

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

08-08-2017 - 01:33

Objavljeno

17-11-2008 - 18:18