Date: Thu, 27 Sep 2012 14:37:28 +0530 From: Huzaifa Sidhpurwala <huzaifas@...hat.com> To: oss-security@...ts.openwall.com Subject: dracut creates non-world readable initramfs images Hi All, An information disclosure flaw was found in the way dracut, an initramfs root filesystem images generator, created initramfs images. When the root filesystem contained sensitive information (password based authentication for iSCSI systems or encrypted root filesystem crypttab password information), an attacker could use this flaw to obtain this information. This issue has been assigned CVE-2012-4453 Reference: https://bugzilla.redhat.com/show_bug.cgi?id=859448 Patch: http://git.kernel.org/?p=boot/dracut/dracut.git;a=commit;h=e1b48995c26c4f06d1a71 -- Huzaifa Sidhpurwala / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ