CVE-2012-4453
dracut: Creates initramfs images with world-readable permissions (information disclosure)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.
dracut.sh en dracut, como se usa en Red Hat Enterprise Linux 6, Fedora 16 y 17 y posiblemente otros productos, crea imágenes initramfs con permisos de lectura en todo el mundo, lo que podría permitir a usuarios locales obtener información sensible.
It was discovered that dracut created initramfs images as world readable. A local user could possibly use this flaw to obtain sensitive information from these files, such as iSCSI authentication passwords, encrypted root file system crypttab passwords, or other information.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-08-21 CVE Reserved
- 2012-10-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://git.kernel.org/?p=boot/dracut/dracut.git%3Ba=commit%3Bh=e1b48995c26c4f06d1a71 | X_refsource_misc | |
http://www.openwall.com/lists/oss-security/2012/09/27/3 | Mailing List | |
http://www.openwall.com/lists/oss-security/2012/09/27/4 | Mailing List | |
http://www.openwall.com/lists/oss-security/2012/09/27/6 | Mailing List | |
http://www.securityfocus.com/bid/55713 | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/79258 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=859448 | 2013-11-20 |
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2013-1674.html | 2023-02-13 | |
https://access.redhat.com/security/cve/CVE-2012-4453 | 2013-11-20 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Dracut Project Search vendor "Dracut Project" | Dracut Search vendor "Dracut Project" for product "Dracut" | < 024 Search vendor "Dracut Project" for product "Dracut" and version " < 024" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 16 Search vendor "Fedoraproject" for product "Fedora" and version "16" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 17 Search vendor "Fedoraproject" for product "Fedora" and version "17" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
|