Lucene search
Ubuntu.comUB:CVE-2008-5103HistoryNov 17, 2008 - 12:00 a.m.
CVE-2008-5103
2008-11-1700:00:00
ubuntu.com
ubuntu.com
10
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.001
Percentile
45.4%
The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in
VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with
a root:! argument, which configures the root account with a cleartext
password of ! (exclamation point) and allows attackers to bypass intended
login restrictions.
Notes
| Author | Note |
|---|---|
| jdstrand | Ubuntu 8.04 LTS fixed this previously in 0.4-0ubuntu0.1 |
Related
prion
prion
Design/Logic Flaw
2008-11-17 18:18:00
cvelist
cvelist
CVE-2008-5103
2008-11-17 18:00:00
nvd
nvd
CVE-2008-5103
2008-11-17 18:18:48
cve
cve
CVE-2008-5103
2008-11-17 18:18:48
openvas
openvas
Ubuntu Update for vm-builder vulnerability USN-670-1
2009-03-23 00:00:00
nessus
nessus
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.001
Percentile
45.4%
Related for UB:CVE-2008-5103