CVE Vulnerability

CVE-2008-5103

The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.

7.2 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff Exploit
http://secunia.com/advisories/32697 Patch Vendor Advisory
http://www.ubuntu.com/usn/usn-670-1 Vendor Advisory
http://www.securityfocus.com/bid/32292 Patch
https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841
http://osvdb.org/49996
https://exchange.xforce.ibmcloud.com/vulnerabilities/46603
Configurations

Configuration 1
Information

Published : 2008-11-17 06:18

Updated : 2017-08-08 01:33

NVD link : CVE-2008-5103

Mitre link : CVE-2008-5103

Products Affected
No products.
CWE
CWE-255