Upstream information
Description
Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 7.2 |
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Access Vector | Local |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE OpenStack Cloud 6 |
| Patchnames: SUSE OpenStack Cloud 6 GA openstack-heat-templates-0.0.0+git.1451027929.810f40b-1.1 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 13:30:48 2013CVE page last modified: Fri Oct 7 12:46:28 2022