oss-sec mailing list archives
Re: dracut creates non-world readable initramfs images
From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Thu, 27 Sep 2012 13:21:08 -0400
On 09/27/2012 05:07 AM, Huzaifa Sidhpurwala wrote:
Hi All, An information disclosure flaw was found in the way dracut, an initramfs root filesystem images generator, created initramfs images. When the root filesystem contained sensitive information (password based authentication for iSCSI systems or encrypted root filesystem crypttab password information), an attacker could use this flaw to obtain this information. This issue has been assigned CVE-2012-4453
the subject line says "creates non-world readable initramfs images".
should that be "creates world-readable initramfs images" instead?
--dkg
Current thread:
- dracut creates non-world readable initramfs images Huzaifa Sidhpurwala (Sep 27)
- Re: dracut creates non-world readable initramfs images Daniel Kahn Gillmor (Sep 27)
- Re: dracut creates world readable initramfs images Kurt Seifried (Sep 27)
- Re: dracut creates world readable initramfs images Daniel Kahn Gillmor (Sep 27)
- Re: dracut creates world readable initramfs images Kurt Seifried (Sep 27)
- Re: dracut creates non-world readable initramfs images Daniel Kahn Gillmor (Sep 27)