oss-sec mailing list archives
dracut creates non-world readable initramfs images
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Thu, 27 Sep 2012 14:37:28 +0530
Hi All, An information disclosure flaw was found in the way dracut, an initramfs root filesystem images generator, created initramfs images. When the root filesystem contained sensitive information (password based authentication for iSCSI systems or encrypted root filesystem crypttab password information), an attacker could use this flaw to obtain this information. This issue has been assigned CVE-2012-4453 Reference: https://bugzilla.redhat.com/show_bug.cgi?id=859448 Patch: http://git.kernel.org/?p=boot/dracut/dracut.git;a=commit;h=e1b48995c26c4f06d1a71 -- Huzaifa Sidhpurwala / Red Hat Security Response Team
Current thread:
- dracut creates non-world readable initramfs images Huzaifa Sidhpurwala (Sep 27)
- Re: dracut creates non-world readable initramfs images Daniel Kahn Gillmor (Sep 27)
- Re: dracut creates world readable initramfs images Kurt Seifried (Sep 27)
- Re: dracut creates world readable initramfs images Daniel Kahn Gillmor (Sep 27)
- Re: dracut creates world readable initramfs images Kurt Seifried (Sep 27)
- Re: dracut creates non-world readable initramfs images Daniel Kahn Gillmor (Sep 27)