CVE-2012-4453
dracut < 024 - Incorrect Default Permissions in initramfs Images
Title source: llmDescription
dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.
References (8)
Core 8
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1674.html
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=859448
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/55713
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/09/27/4
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/79258
Patch x_refsource_misc
http://git.kernel.org/?p=boot/dracut/dracut.git%3Ba=commit%3Bh=e1b48995c26c4f06d1a71
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/09/27/6
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/09/27/3
Scores
EPSS
0.0036
EPSS Percentile
28.1%
Details
CWE
CWE-276
Status
published
Products (6)
dracut_project/dracut
< 024
fedoraproject/fedora
16
fedoraproject/fedora
17
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_server
6.0
redhat/enterprise_linux_workstation
6.0
Published
Oct 09, 2012
Tracked Since
Feb 18, 2026