CVE-2012-4453
First published: Fri Sep 21 2012(Updated: )
An information disclosure flaw was found in the way dracut, an initramfs root filesystem images generator, created initramfs images. When the root filesystem contained sensitive information (password based authentication for iSCSI systems or encrypted root filesystem crypttab password information), an attacker could use this flaw to obtain this information. Acknowledgements: This issue was discovered by Peter Jones of the Red Hat Installer Team.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dracut Project Dracut | <024 | |
| Fedoraproject Fedora | =16 | |
| Fedoraproject Fedora | =17 | |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Workstation | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/?p=boot/dracut/dracut.git%3Ba=commit%3Bh=e1b48995c26c4f06d1a71
- http://rhn.redhat.com/errata/RHSA-2013-1674.html
- http://www.openwall.com/lists/oss-security/2012/09/27/3
- http://www.openwall.com/lists/oss-security/2012/09/27/4
- http://www.openwall.com/lists/oss-security/2012/09/27/6
- http://www.securityfocus.com/bid/55713
- https://bugzilla.redhat.com/show_bug.cgi?id=859448
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79258
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=616700&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=616700&action=edit
- https://access.redhat.com/security/cve/CVE-2012-4453
- https://github.com/haraldh/dracut/commit/e1b48995c26c4f06d1a718539cb1bd5b0179af91
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=860977
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=859448#c18
- https://github.com/haraldh/dracut/commit/
- http://git.kernel.org/?p=boot/dracut/dracut.git;a=commit;h=e1b48995c26c4f06d1a71
- http://git.kernel.org/?p=boot/dracut/dracut.git;a=commitdiff;h=e1b48995c26c4f06d1a718539cb1bd5b0179af91
- http://dracut.git.sourceforge.net/git/gitweb.cgi?p=dracut/dracut;a=commitdiff;h=e1b48995c26c4f06d1a718539cb1bd5b0179af91
- https://rhn.redhat.com/errata/RHSA-2013-1674.html
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/redhat-bugzilla
- alias/CVE-2012-4453
- vendor/dracut project
- canonical/dracut project dracut
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/16
- version/fedoraproject fedora/17
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0