Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4453

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2012-4453
Last Modified 07 Jan 2014 11:31:54
Published 09 Oct 2012 07:55:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-4453

Summary

dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.

Vulnerable Systems

Operating System

  • Fedoraproject Fedora 16

  • Fedoraproject Fedora 17

  • Redhat Enterprise Linux 6

Application

  • Fedoraproject Dracut


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=859448

MLIST - [oss-security] 20120927 Re: dracut creates world readable initramfs images

MLIST - [oss-security] 20120927 Re: dracut creates non-world readable initramfs images

MLIST - [oss-security] 20120927 dracut creates non-world readable initramfs images

MISC - http://git.kernel.org/?p=boot/dracut/dracut.git;a=commit;h=e1b48995c26c4f06d1a71

XF - dracut-initramfs-information-disclosure(79258)

BID - 55713

REDHAT - RHSA-2013:1674


Last Updated: 27 May 2016 11:00:56