CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
45.4%
The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.
Vendor | Product | Version | CPE |
---|---|---|---|
dcgrendel | vmbuilder | 0.9 | cpe:2.3:a:dcgrendel:vmbuilder:0.9:*:*:*:*:*:*:* |
ubuntu | ubuntu_linux | 6.06 | cpe:2.3:o:ubuntu:ubuntu_linux:6.06:_nil_:lts:*:*:*:*:* |
ubuntu | ubuntu_linux | 7.10 | cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:*:*:*:*:*:* |
ubuntu | ubuntu_linux | 8.04 | cpe:2.3:o:ubuntu:ubuntu_linux:8.04:_nil_:lts:*:*:*:*:* |
ubuntu | ubuntu_linux | 8.10 | cpe:2.3:o:ubuntu:ubuntu_linux:8.10:*:*:*:*:*:*:* |