Lucene search
HistoryNov 17, 2008 - 6:18 p.m.
CVE-2008-5103
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.7
Confidence
Low
EPSS
0.001
Percentile
45.4%
The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.
Affected configurations
Node
dcgrendelvmbuilderMatch0.9
ubuntuubuntu_linuxMatch6.06_nil_lts
ORubuntuubuntu_linuxMatch7.10
ORubuntuubuntu_linuxMatch8.04_nil_lts
ORubuntuubuntu_linuxMatch8.10
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dcgrendel | vmbuilder | 0.9 | cpe:2.3:a:dcgrendel:vmbuilder:0.9:*:*:*:*:*:*:* |
| ubuntu | ubuntu_linux | 6.06 | cpe:2.3:o:ubuntu:ubuntu_linux:6.06:_nil_:lts:*:*:*:*:* |
| ubuntu | ubuntu_linux | 7.10 | cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:*:*:*:*:*:* |
| ubuntu | ubuntu_linux | 8.04 | cpe:2.3:o:ubuntu:ubuntu_linux:8.04:_nil_:lts:*:*:*:*:* |
| ubuntu | ubuntu_linux | 8.10 | cpe:2.3:o:ubuntu:ubuntu_linux:8.10:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2008-11-17 18:18:00
cvelist
cvelist
CVE-2008-5103
2008-11-17 18:00:00
cve
cve
CVE-2008-5103
2008-11-17 18:18:48
ubuntucve
ubuntucve
CVE-2008-5103
2008-11-17 00:00:00
openvas
openvas
Ubuntu Update for vm-builder vulnerability USN-670-1
2009-03-23 00:00:00
nessus
nessus
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.7
Confidence
Low
EPSS
0.001
Percentile
45.4%
Related for NVD:CVE-2008-5103