Vulnerability Description
The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.
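The following audit check is an added example, not code from VMBuilder or the advisory. With `-e`, chpasswd stores the supplied field as-is, so `!` acts as a lock marker; without `-e`, the field is hashed as a cleartext password. The check reads a shadow-format file (for a built guest, `etc/shadow` under the image root) and reports which state an account is in. The function names `shadow_pw_state` and `write_samples` are hypothetical, and the sample shadow lines are constructed.

```sh
#!/bin/sh
# Classify an account's password field in a shadow-format file.
# Usage: shadow_pw_state FILE [USER]   (USER defaults to root)
# Prints one of: locked, empty, hash, missing
shadow_pw_state() {
    file=$1
    user=${2:-root}
    awk -F: -v u="$user" '
        $1 == u {
            found = 1
            if ($2 == "")          print "empty"    # no password required
            else if ($2 ~ /^[!*]/) print "locked"   # marker, no hash can match
            else                   print "hash"     # conservatively: a password may log in
            exit
        }
        END { if (!found) print "missing" }
    ' "$file"
}

# Write two constructed sample files into directory $1.
write_samples() {
    dir=$1
    # Intended outcome: the literal "!" marker is stored, account locked.
    printf '%s\n' 'root:!:14190:0:99999:7:::' \
                  'daemon:*:14190:0:99999:7:::' > "$dir/shadow.locked"
    # Affected outcome: the field holds a hash (placeholder value, not a real
    # hash), meaning some cleartext password is accepted for root.
    printf '%s\n' 'root:$1$constructed$PLACEHOLDERHASHVALUE000:14190:0:99999:7:::' \
        > "$dir/shadow.hashed"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp/shadow.locked" "$tmp/shadow.hashed"; do
    echo "$(basename "$f"): root is $(shadow_pw_state "$f")"
done
rm -rf "$tmp"
```

A result of `hash` for root on an image that was meant to ship with root locked is the condition to investigate.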
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dcgrendel | Vmbuilder | 0.9 |
| Ubuntu | Ubuntu Linux | 6.06 |
Related Weaknesses (CWE)
References
- http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff (Exploit)
- http://osvdb.org/49996
- http://secunia.com/advisories/32697 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/32292 (Patch)
- http://www.ubuntu.com/usn/usn-670-1 (Vendor Advisory)
- https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46603
FAQ
What is CVE-2008-5103?
CVE-2008-5103 is a vulnerability with a CVSS score of 7.2 (HIGH). The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account ...
How severe is CVE-2008-5103?
CVE-2008-5103 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-5103?
Check the references section above for vendor advisories and patch information. Affected products include: Dcgrendel Vmbuilder, Ubuntu Ubuntu Linux.