PT-2008-6251 · Canonical · Vmbuilder+3

Nick Barcet

Published

2008-11-17

Updated

2017-08-08

CVE-2008-5104

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Ubuntu versions 6.06 LTS, 7.10, 8.04 LTS, and 8.10

Description The issue allows attackers to bypass intended login restrictions due to the default root password being set to ! (exclamation point) when Ubuntu is installed as a virtual machine using python-vm-builder or ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10.

Recommendations For Ubuntu versions 6.06 LTS, 7.10, 8.04 LTS, and 8.10, change the default root password to a secure password to prevent unauthorized access.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2008-5104

Affected Products

Ubuntu

Vmbuilder

Python-Vm-Builder

Ubuntu-Vm-Builder

PT-2008-6251 · Canonical · Vmbuilder+3

CVE-2008-5104

Weakness Enumeration

Related Identifiers

Affected Products

References · 7