CVE-2008-5103

The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:dcgrendel:vmbuilder:0.9:*:*:*:*:*:*:*
OR cpe:2.3:o:ubuntu:ubuntu_linux:6.06:_nil_:lts:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:8.04:_nil_:lts:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:8.10:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-11-17 18:18

Updated : 2024-02-28 11:21


NVD link : CVE-2008-5103

Mitre link : CVE-2008-5103

CVE.ORG link : CVE-2008-5103


JSON object : View

Products Affected

dcgrendel

  • vmbuilder

ubuntu

  • ubuntu_linux
CWE
CWE-255

Credentials Management Errors