[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97545

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-5103

Date: (C)2008-11-17   (M)2017-08-08
 
CVSS Score: 7.2Access Vector: LOCAL
Exploitability Subscore: 3.9Access Complexity: LOW
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.

Reference:
BID-32292
SECUNIA-32697
OSVDB-49996
USN-670-1
http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff
https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841
vmbuilder-password-weak-security(46603)

CWE    1
CWE-255

© 2013 SecPod Technologies