Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2314

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2012-2314
Last Modified 13 Aug 2012 11:37:16
Published 03 Jul 2012 06:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-2314

Summary

The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password guessing attacks.

Vulnerable Systems

Application

  • Fedoraproject Anaconda -


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=819031

MLIST - [oss-security] 20120504 Re: CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module

MLIST - [oss-security] 20120504 CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module

FEDORA - FEDORA-2012-7579

CONFIRM - http://git.fedorahosted.org/git/?p=anaconda.git;a=commit;h=03ef13b625cc06873a924e0610340f8489fd92df

BID - 53486


Last Updated: 27 May 2016 10:56:36