Date: Thu, 27 Sep 2012 13:21:08 -0400 From: Daniel Kahn Gillmor <dkg@...thhorseman.net> To: oss-security@...ts.openwall.com CC: Huzaifa Sidhpurwala <huzaifas@...hat.com> Subject: Re: dracut creates non-world readable initramfs images On 09/27/2012 05:07 AM, Huzaifa Sidhpurwala wrote: > Hi All, > > An information disclosure flaw was found in the way dracut, an > initramfs root filesystem images generator, created initramfs images. > > When the root filesystem contained sensitive information (password > based authentication for iSCSI systems or encrypted root filesystem > crypttab password information), an attacker could use this flaw to > obtain this information. > > This issue has been assigned CVE-2012-4453 the subject line says "creates non-world readable initramfs images". should that be "creates world-readable initramfs images" instead? --dkg
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ