CVE-2008-5103

Опубликовано: 17 нояб. 2008

Источник: nvd

CVSS2: 7.2

EPSS Низкий

Описание

The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.

Ссылки

http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff
Exploit
http://osvdb.org/49996
http://secunia.com/advisories/32697
Patch
Vendor Advisory
http://www.securityfocus.com/bid/32292
Patch
http://www.ubuntu.com/usn/usn-670-1
Vendor Advisory
https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841
https://exchange.xforce.ibmcloud.com/vulnerabilities/46603
http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff
Exploit
http://osvdb.org/49996
http://secunia.com/advisories/32697
Patch
Vendor Advisory
http://www.securityfocus.com/bid/32292
Patch
http://www.ubuntu.com/usn/usn-670-1
Vendor Advisory
https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841
https://exchange.xforce.ibmcloud.com/vulnerabilities/46603

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:dcgrendel:vmbuilder:0.9:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:ubuntu:ubuntu_linux:6.06:_nil_:lts:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:*:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:8.04:_nil_:lts:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:8.10:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.0006

Низкий

7.2 High

CVSS2

Дефекты

CWE-255

Связанные уязвимости

CVE-2008-5103

ubuntu

около 17 лет назад

GHSA-pvrm-qvx6-xc5g

github

больше 3 лет назад