Date: Thu, 27 Sep 2012 13:21:08 -0400 From: Daniel Kahn Gillmor <dkg@...thhorseman.net> To: oss-security@...ts.openwall.com CC: Huzaifa Sidhpurwala <huzaifas@...hat.com> Subject: Re: dracut creates non-world readable initramfs images On 09/27/2012 05:07 AM, Huzaifa Sidhpurwala wrote: > Hi All, > > An information disclosure flaw was found in the way dracut, an > initramfs root filesystem images generator, created initramfs images. > > When the root filesystem contained sensitive information (password > based authentication for iSCSI systems or encrypted root filesystem > crypttab password information), an attacker could use this flaw to > obtain this information. > > This issue has been assigned CVE-2012-4453 the subject line says "creates non-world readable initramfs images". should that be "creates world-readable initramfs images" instead? --dkg
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.