Back to search
CVE-2008-5103
Published: Nov 17, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
32697
third-party-advisory
x_refsource_SECUNIA
32292
vdb-entry
x_refsource_BID
http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff
x_refsource_CONFIRM
USN-670-1
vendor-advisory
x_refsource_UBUNTU
vmbuilder-password-weak-security(46603)
vdb-entry
x_refsource_XF
https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841
x_refsource_CONFIRM
49996
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now