Описание
Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges.
It was discovered that when used to create images, livecd-tools gave the root user an empty password rather than leaving the password locked in situations where no 'rootpw' directive was used or when the 'rootpw --lock' directive was used within the Kickstart file, which could allow local users to gain access to the root account.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ec2-images | Affected | ||
| Red Hat Enterprise Linux 6 | ec2-images | Affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | distribution | Affected | ||
| Red Hat JBoss Enterprise Web Server 1 | eap-5 | Affected | ||
| Red Hat Storage 2.1 | ami | Affected | ||
| Red Hat Enterprise Linux Server (v. 6) | Fixed | RHSA-2013:0849 | 23.05.2013 |
Показывать по
Дополнительная информация
Статус:
7.2 High
CVSS2
Связанные уязвимости
Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges.
Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges.
7.2 High
CVSS2