CVE-2008-5103

Name of the Vulnerable Software and Affected Versions VMBuilder version 0.9

Description The issue concerns the python-vm-builder and ubuntu-vm-builder implementations in VMBuilder. These implementations omit the -e option when invoking chpasswd with a root:! argument. As a result, the root account is configured with a cleartext password of !, allowing attackers to bypass intended login restrictions.

Recommendations For VMBuilder version 0.9, consider updating to a newer version that includes the -e option when invoking chpasswd to prevent the configuration of the root account with a cleartext password. At the moment, there is no information about a newer version that contains a fix for this vulnerability.