REDHAT-BUG-859448
First published: Fri Sep 21 2012(Updated: )
An information disclosure flaw was found in the way dracut, an initramfs root filesystem images generator, created initramfs images. When the root filesystem contained sensitive information (password based authentication for iSCSI systems or encrypted root filesystem crypttab password information), an attacker could use this flaw to obtain this information. Acknowledgements: This issue was discovered by Peter Jones of the Red Hat Installer Team.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dracut |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=616700&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=616700&action=edit
- https://access.redhat.com/security/cve/CVE-2012-4453
- https://github.com/haraldh/dracut/commit/e1b48995c26c4f06d1a718539cb1bd5b0179af91
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=860977
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=859448#c18
- https://github.com/haraldh/dracut/commit/
- http://git.kernel.org/?p=boot/dracut/dracut.git;a=commit;h=e1b48995c26c4f06d1a71
- http://git.kernel.org/?p=boot/dracut/dracut.git;a=commitdiff;h=e1b48995c26c4f06d1a718539cb1bd5b0179af91
- http://dracut.git.sourceforge.net/git/gitweb.cgi?p=dracut/dracut;a=commitdiff;h=e1b48995c26c4f06d1a718539cb1bd5b0179af91
- https://rhn.redhat.com/errata/RHSA-2013-1674.html
- https://bugzilla.redhat.com/show_bug.cgi?id=859448
- collector/redhat-bugzilla
- alias/CVE-2012-4453
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/description
- agent/softwarecombine
- agent/event
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/dracut