CVE-2013-2069
First published: Fri May 17 2013(Updated: )
Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/livecd-tools | <19.3 | 19.3 |
| redhat/livecd-tools | <18.16 | 18.16 |
| redhat/livecd-tools | <17.17 | 17.17 |
| redhat/livecd-tools | <13.4.4 | 13.4.4 |
| Redhat Livecd-tools | <13.4.4 | |
| Redhat Livecd-tools | >=17.0<17.17 | |
| Redhat Livecd-tools | >=18.0<18.16 | |
| Redhat Livecd-tools | >=19.0<19.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2013-2069
- https://access.redhat.com/site/solutions/379353
- https://rhn.redhat.com/errata/RHSA-2013-0849.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=966594
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=966596
- https://aws.amazon.com/security/security-bulletins/red-hat-and-other-third-party-public-amis-security-concern/
- https://git.fedorahosted.org/cgit/livecd/commit/?id=d40ec8e9d8e8222196f5f7f60b38983489794a67
- http://seclists.org/oss-sec/2013/q2/398
- https://git.fedorahosted.org/cgit/cloud-kickstarts.git/commit/generic?id=a81eef60ed108f37747168dbfe05dd6c6484ef63
- http://lists.fedoraproject.org/pipermail/announce/2013-May/003157.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=964299#c6
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=964299#c7
- https://git.fedorahosted.org/cgit/spin-kickstarts.git/commit/?h=f19&id=94d8808a138085238b7e9053aec194bbabc6aa43
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=964299#c5
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=961166
- https://bugzilla.redhat.com/show_bug.cgi?id=964299
- http://rhn.redhat.com/errata/RHSA-2013-0849.html
- http://www.openwall.com/lists/oss-security/2013/05/23/2
- http://www.securityfocus.com/bid/60119
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84488
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-2069
- agent/software-canonical-lookup
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/redhat
- canonical/redhat livecd-tools
- version/redhat livecd-tools/17.0
- version/redhat livecd-tools/18.0
- version/redhat livecd-tools/19.0
- package-manager/redhat