CVE-2012-4453

Published: 09/10/2012 Updated: 13/02/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.

Vulnerable Product

dracut project dracut

fedoraproject fedora 17

fedoraproject fedora 16

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

Vendor Advisories

Synopsis: Moderate: dracut security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated dracut packages that fix one security issue, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this up ...
Debian Bug report logs - #688956 dracut: CVE-2012-4453: creates non-world readable initramfs images. Package: dracut; Maintainer for dracut is Thomas Lange <lange@debian.org>; Source for dracut is src:dracut. Reported by: Henri Salo <henri@nerv.fi>. Date: Thu, 27 Sep 2012 11:36:01 UTC. Severity: im ...
It was discovered that dracut created initramfs images as world readable. A local user could possibly use this flaw to obtain sensitive information from these files, such as iSCSI authentication passwords, encrypted root file system crypttab passwords, or other information (CVE-2012-4453) ...
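
A defender's check for the condition described above, added here as an example; it is not code from this entry, the vendor advisories, or the dracut project. The function names, the `initramfs*`/`initrd*` file-name patterns, the default `/boot` location, and the owner-only mode 600 used for remediation are assumptions.

```shell
#!/bin/sh
# Added example: audit a boot directory for initramfs images that any local
# user can read (the condition described in CVE-2012-4453).
# Assumptions: image names match initramfs*/initrd*, images live directly in
# the directory given (default /boot), and 600 is the desired mode.
# Usage: . ./audit_initramfs.sh && audit_initramfs /boot

# Print each image in DIR whose mode has the "other read" bit set.
find_world_readable_initramfs() {
    dir=${1:-/boot}
    find "$dir" -maxdepth 1 -type f \
        \( -name 'initramfs*' -o -name 'initrd*' \) \
        -perm -o=r -print 2>/dev/null | sort
}

# Report findings. Returns 0 if clean, 1 if any image is world-readable,
# 2 if DIR does not exist (so a missing directory is never reported as clean).
audit_initramfs() {
    dir=${1:-/boot}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    hits=$(find_world_readable_initramfs "$dir")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | while IFS= read -r f; do
        echo "WORLD-READABLE: $(ls -l "$f")"
    done
    return 1
}

# Restrict every flagged image to its owner (assumed target mode: 600).
fix_initramfs() {
    find_world_readable_initramfs "${1:-/boot}" | while IFS= read -r f; do
        chmod 600 "$f" && echo "fixed: $f"
    done
}
```

Tightening the mode only covers images that already exist; an unpatched dracut.sh will create the next image with the same world-readable permissions, so the vendor update is still required.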