'Re: [oss-security] dracut creates non-world readable initramfs images'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] dracut creates non-world readable initramfs images
From:       Daniel Kahn Gillmor <dkg () fifthhorseman ! net>
Date:       2012-09-27 17:21:08
Message-ID: 50648B04.5060705 () fifthhorseman ! net
[Download RAW message or body]

On 09/27/2012 05:07 AM, Huzaifa Sidhpurwala wrote:
> Hi All,
> 
> An information disclosure flaw was found in the way dracut, an
> initramfs root filesystem images generator, created initramfs images.
> 
> When the root filesystem contained sensitive information (password
> based authentication for iSCSI systems or encrypted root filesystem
> crypttab password information), an attacker could use this flaw to
> obtain this information.
> 
> This issue has been assigned CVE-2012-4453

the subject line says "creates non-world readable initramfs images".
should that be "creates world-readable initramfs images" instead?

	--dkg
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic