Skip to main content

Dracut CVE-2012-4453

LOW
Incorrect Default Permissions (CWE-276)
2012-10-09 secalert@redhat.com
2.1
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:N/C:P/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 09, 2012 - 23:55 cve.org
LOW 2.1

DescriptionCVE.org

dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.

AnalysisAI

dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Technical ContextAI

This vulnerability is classified as Incorrect Default Permissions (CWE-276), which allows attackers to access resources due to overly permissive default settings. dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information. Affected products include: Dracut Project Dracut, Fedoraproject Fedora, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Set restrictive default permissions, follow principle of least privilege, review defaults during deployment.

Share

CVE-2012-4453 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy