PT-2020-17154 · Crux Linux · Crux Linux Docker

Published

2020-12-02

Updated

2020-12-22

CVE-2020-29389

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Crux Linux Docker images versions 3.0 through 3.4

Description The official Crux Linux Docker images contain a blank password for a root user. Systems using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password.

Recommendations For versions 3.0 through 3.4, update the Docker image to a version that does not contain a blank password for the root user. As a temporary workaround, consider changing the root password to a secure value until a patched version of the Docker image is available. Restrict access to the Docker container to minimize the risk of exploitation.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-29389

Affected Products

Crux Linux Docker

PT-2020-17154 · Crux Linux · Crux Linux Docker

CVE-2020-29389

Weakness Enumeration

Related Identifiers

Affected Products

References · 7