CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
5.1%
Issue Overview:
It was discovered that dracut created initramfs images as world readable. A local user could possibly use this flaw to obtain sensitive information from these files, such as iSCSI authentication passwords, encrypted root file system crypttab passwords, or other information. (CVE-2012-4453)
Affected Packages:
dracut
Issue Correction:
Run yum update dracut to update your system.
New Packages:
noarch:
dracut-tools-004-336.21.amzn1.noarch
dracut-004-336.21.amzn1.noarch
dracut-caps-004-336.21.amzn1.noarch
dracut-kernel-004-336.21.amzn1.noarch
dracut-fips-004-336.21.amzn1.noarch
dracut-generic-004-336.21.amzn1.noarch
dracut-fips-aesni-004-336.21.amzn1.noarch
dracut-network-004-336.21.amzn1.noarch
src:
dracut-004-336.21.amzn1.src
Red Hat: CVE-2012-4453
Mitre: CVE-2012-4453
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | noarch | dracut-tools | < 004-336.21.amzn1 | dracut-tools-004-336.21.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | dracut | < 004-336.21.amzn1 | dracut-004-336.21.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | dracut-caps | < 004-336.21.amzn1 | dracut-caps-004-336.21.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | dracut-kernel | < 004-336.21.amzn1 | dracut-kernel-004-336.21.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | dracut-fips | < 004-336.21.amzn1 | dracut-fips-004-336.21.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | dracut-generic | < 004-336.21.amzn1 | dracut-generic-004-336.21.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | dracut-fips-aesni | < 004-336.21.amzn1 | dracut-fips-aesni-004-336.21.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | dracut-network | < 004-336.21.amzn1 | dracut-network-004-336.21.amzn1.noarch.rpm |