Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 27 Sep 2012 13:21:08 -0400
From: Daniel Kahn Gillmor <dkg@...thhorseman.net>
To: oss-security@...ts.openwall.com
CC: Huzaifa Sidhpurwala <huzaifas@...hat.com>
Subject: Re: dracut creates non-world readable initramfs images

On 09/27/2012 05:07 AM, Huzaifa Sidhpurwala wrote:
> Hi All,
> 
> An information disclosure flaw was found in the way dracut, an
> initramfs root filesystem images generator, created initramfs images.
> 
> When the root filesystem contained sensitive information (password
> based authentication for iSCSI systems or encrypted root filesystem
> crypttab password information), an attacker could use this flaw to
> obtain this information.
> 
> This issue has been assigned CVE-2012-4453

the subject line says "creates non-world readable initramfs images".
should that be "creates world-readable initramfs images" instead?

	--dkg

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ