Lucene search

[email protected]CVE-2012-2314

HistoryJul 03, 2012 - 10:55 p.m.

CVE-2012-2314

2012-07-0322:55:01

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-2314

anaconda

bootloader

/etc/grub.d

permissions

local users

password hashes

brute force

vulnerability

6.5 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password guessing attacks.

Affected configurations

NVD

Node

fedoraprojectanacondaMatch-

CPENameOperatorVersion
fedoraproject:anacondafedoraproject anacondaeq-

CPE	Name	Operator	Version
fedoraproject:anaconda	fedoraproject anaconda	eq	-

References

git.fedorahosted.org/git/?p=anaconda.git%3Ba=commit%3Bh=03ef13b625cc06873a924e0610340f8489fd92df

lists.fedoraproject.org/pipermail/package-announce/2012-May/080188.html

www.openwall.com/lists/oss-security/2012/05/04/10

www.openwall.com/lists/oss-security/2012/05/04/12

www.openwall.com/lists/oss-security/2024/01/15/3

www.securityfocus.com/bid/53486

bugzilla.redhat.com/show_bug.cgi?id=819031

6.5 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2012-2314

nessus1 nvd1 prion1 openvas2 fedora1 cvelist1