CVE-2012-4453 — Incorrect Default Permissions in Project Dracut

CWE-276 — Incorrect Default Permissions9 documents6 sources

Severity

2.1LOWNVD

EPSS

0.0%

top 88.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dracut Project Dracut Debian Dracut Fedoraproject Fedora +3 more

Timeline

PublishedOct 9

Latest updateMay 13

Description

dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages6 packages

▶debiandebian/dracut< dracut 020-1.1 (bookworm)

▶NVDdracut_project/dracut< 024

▶Debiandracut_project/dracut< 020-1.1+3

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

Also affects: Fedora 16, 17

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-84vh-967q-qr87: dracut↗2022-05-13

▶

OSV

CVE-2012-4453: dracut↗2012-10-09

▶

📋Vendor Advisories

Red Hat

dracut: Creates initramfs images with world-readable permissions (information disclosure)↗2012-09-27

▶

Debian

CVE-2012-4453: dracut - dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, an...↗2012

▶

💬Community

Bugzilla

CVE-2019-13179 calamares: incorrect permission leads to disclosure of decryption keys for LUKS container↗2019-07-03

▶

Bugzilla

CVE-2019-13179 calamares: incorrect permission leads to disclosure of decryption keys for LUKS container [fedora-all]↗2019-07-03

▶

Bugzilla

CVE-2012-4453 dracut: Creates initramfs images with world-readable permissions (information disclosure) [fedora-all]↗2012-09-27

▶

Bugzilla

CVE-2012-4453 dracut: Creates initramfs images with world-readable permissions (information disclosure)↗2012-09-21

▶