CVE-2008-5103 - OpenCVE

The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dcgrendel	Vmbuilder
Ubuntu	Ubuntu Linux

Configuration 1 [-]

AND

cpe:2.3:a:dcgrendel:vmbuilder:0.9:*:*:*:*:*:*:*

OR	cpe:2.3:o:ubuntu:ubuntu_linux:6.06:_nil_:lts:::::*
	cpe:2.3:o:ubuntu:ubuntu_linux:7.10:::::::*
	cpe:2.3:o:ubuntu:ubuntu_linux:8.04:_nil_:lts:::::*
	cpe:2.3:o:ubuntu:ubuntu_linux:8.10:::::::*

No data.

References

Link	Providers
http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff
http://osvdb.org/49996
http://secunia.com/advisories/32697
http://www.securityfocus.com/bid/32292
http://www.ubuntu.com/usn/usn-670-1
https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841
https://exchange.xforce.ibmcloud.com/vulnerabilities/46603

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-11-17T18:00:00

Updated: 2024-08-07T10:40:17.156Z

Reserved: 2008-11-17T00:00:00

Link: CVE-2008-5103

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-11-17T18:18:48.017

Modified: 2017-08-08T01:33:06.610

Link: CVE-2008-5103

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-13T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "32697", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32697"}, {"name": "32292", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32292"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff"}, {"name": "USN-670-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-670-1"}, {"name": "vmbuilder-password-weak-security(46603)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46603"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841"}, {"name": "49996", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/49996"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5103", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "32697", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32697"}, {"name": "32292", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32292"}, {"name": "http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff", "refsource": "CONFIRM", "url": "http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff"}, {"name": "USN-670-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-670-1"}, {"name": "vmbuilder-password-weak-security(46603)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46603"}, {"name": "https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841"}, {"name": "49996", "refsource": "OSVDB", "url": "http://osvdb.org/49996"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:40:17.156Z"}, "title": "CVE Program Container", "references": [{"name": "32697", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32697"}, {"name": "32292", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32292"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff"}, {"name": "USN-670-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-670-1"}, {"name": "vmbuilder-password-weak-security(46603)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46603"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841"}, {"name": "49996", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/49996"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5103", "datePublished": "2008-11-17T18:00:00", "dateReserved": "2008-11-17T00:00:00", "dateUpdated": "2024-08-07T10:40:17.156Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dcgrendel:vmbuilder:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "131A9ABC-41B8-42D4-871C-5375D413F1FB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06:_nil_:lts:*:*:*:*:*", "matchCriteriaId": "8CC514F1-FFCF-4ADD-8A2C-F22C693F9DCF", "vulnerable": false}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "06FD8602-7069-41C6-B65C-84928EDCE2D6", "vulnerable": false}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:8.04:_nil_:lts:*:*:*:*:*", "matchCriteriaId": "3DD8F0EE-8DD3-4399-83E4-AD4FC89A1DCD", "vulnerable": false}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "ED67B852-4B37-4B79-8F4D-23B2FEACA4ED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions."}, {"lang": "es", "value": "Las implementaciones (1) python-vm-builder y (2) ubuntu-vm-builder en VMBuilder v0.9 en Ubuntu v8.10 omiten la opci\u00f3n -e cuando invocan chpasswd con un argumento root:!, lo cual configura la cuenta ra\u00edz con una contrase\u00f1a en texto claro de ! (punto de exclamaci\u00f3n) y permite a atacantes evitar restricciones de login intencionadas."}], "id": "CVE-2008-5103", "lastModified": "2017-08-08T01:33:06.610", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-11-17T18:18:48.017", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/49996"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/32697"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/32292"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ubuntu.com/usn/usn-670-1"}, {"source": "cve@mitre.org", "url": "https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46603"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}