CVE-2012-4453
First published: Fri Sep 21 2012(Updated: )
An information disclosure flaw was found in the way dracut, an initramfs root filesystem images generator, created initramfs images. When the root filesystem contained sensitive information (password based authentication for iSCSI systems or encrypted root filesystem crypttab password information), an attacker could use this flaw to obtain this information. Acknowledgements: This issue was discovered by Peter Jones of the Red Hat Installer Team.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dracut | <024 | |
| Fedora | =16 | |
| Fedora | =17 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Workstation | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=616700&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=616700&action=edit
- https://access.redhat.com/security/cve/CVE-2012-4453
- https://github.com/haraldh/dracut/commit/e1b48995c26c4f06d1a718539cb1bd5b0179af91
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=860977
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=859448#c18
- https://github.com/haraldh/dracut/commit/
- http://git.kernel.org/?p=boot/dracut/dracut.git;a=commit;h=e1b48995c26c4f06d1a71
- http://git.kernel.org/?p=boot/dracut/dracut.git;a=commitdiff;h=e1b48995c26c4f06d1a718539cb1bd5b0179af91
- http://dracut.git.sourceforge.net/git/gitweb.cgi?p=dracut/dracut;a=commitdiff;h=e1b48995c26c4f06d1a718539cb1bd5b0179af91
- https://rhn.redhat.com/errata/RHSA-2013-1674.html
- https://bugzilla.redhat.com/show_bug.cgi?id=859448
- http://git.kernel.org/?p=boot/dracut/dracut.git%3Ba=commit%3Bh=e1b48995c26c4f06d1a71
- http://rhn.redhat.com/errata/RHSA-2013-1674.html
- http://www.openwall.com/lists/oss-security/2012/09/27/3
- http://www.openwall.com/lists/oss-security/2012/09/27/4
- http://www.openwall.com/lists/oss-security/2012/09/27/6
- http://www.securityfocus.com/bid/55713
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79258
Frequently Asked Questions
What is the severity of CVE-2012-4453?
CVE-2012-4453 is classified as an information disclosure vulnerability.
How do I fix CVE-2012-4453?
To address CVE-2012-4453, upgrade to a version of dracut that is not vulnerable, specifically version 024 or later.
Which versions of dracut are affected by CVE-2012-4453?
CVE-2012-4453 affects dracut versions prior to 024.
What kind of information is disclosed due to CVE-2012-4453?
CVE-2012-4453 can disclose sensitive information such as passwords for iSCSI authentication or encrypted root filesystem crypttab passwords.
Which operating systems are affected by CVE-2012-4453?
CVE-2012-4453 affects Fedora versions 16 and 17, as well as Red Hat Enterprise Linux Desktop, Server, and Workstation version 6.0.
- collector/redhat-bugzilla
- alias/CVE-2012-4453
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/references
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dracut project
- canonical/dracut
- vendor/fedoraproject
- canonical/fedora
- version/fedora/16
- version/fedora/17
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0