Message-ID: <50648B04.5060705@fifthhorseman.net>
Date: Thu, 27 Sep 2012 13:21:08 -0400
From: Daniel Kahn Gillmor <dkg@...thhorseman.net>
To: oss-security@...ts.openwall.com
CC: Huzaifa Sidhpurwala <huzaifas@...hat.com>
Subject: Re: dracut creates non-world readable initramfs images

On 09/27/2012 05:07 AM, Huzaifa Sidhpurwala wrote:
> Hi All,
> 
> An information disclosure flaw was found in the way dracut, an
> initramfs root filesystem images generator, created initramfs images.
> 
> When the root filesystem contained sensitive information (password
> based authentication for iSCSI systems or encrypted root filesystem
> crypttab password information), an attacker could use this flaw to
> obtain this information.
> 
> This issue has been assigned CVE-2012-4453

the subject line says "creates non-world readable initramfs images".
should that be "creates world-readable initramfs images" instead?

	--dkg
