[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

114563

 
 

909

 
 

88860

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2008-5103Date: (C)2008-11-17   (M)2018-02-19


The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-32292
SECUNIA-32697
OSVDB-49996
USN-670-1
http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff
https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841
vmbuilder-password-weak-security(46603)

CWE    1
CWE-255

© SecPod Technologies