CVE-2012-4453
Public on 2012-10-09
Modified on 2014-09-16
Description
It was discovered that dracut created initramfs images as world readable. A local user could possibly use this flaw to obtain sensitive information from these files, such as iSCSI authentication passwords, encrypted root file system crypttab passwords, or other information.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | dracut | 2013-12-11 | ALAS-2013-257 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 5.4 | AV:N/AC:H/Au:N/C:C/I:N/A:N |
| NVD | CVSSv2 | 2.1 | AV:L/AC:L/Au:N/C:P/I:N/A:N |