Vulnerabilities

CVE-2008-5103

by Fred · 17/11/2008

The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.

Date published : 2008-11-17

http://www.securityfocus.com/bid/32292

http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff

Similar

Tags: Cybersecurity Alert