kvm guest image: no root password

Package(s): kvm guest image
CVE #(s): CVE-2013-2069
Created: May 24, 2013
Updated: June 11, 2013
Description: From the Red Hat advisory:

It was discovered that when no 'rootpw' command was specified in a Kickstart file, the image creator tools gave the root user an empty password rather than leaving the password locked, which could allow a local user to gain access to the root account.

Alerts:
Red Hat RHSA-2013:0849-01 2013-05-23
Fedora FEDORA-2013-9708 2013-06-07
Fedora FEDORA-2013-9111 2013-06-11
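
The difference the advisory describes, an empty root password versus a locked one, is visible in the second field of the image's shadow file. The following audit is an added example, not code from LWN, Red Hat or the image creator tools; the function names are hypothetical and the sample shadow and Kickstart contents are constructed.

```python
# Added example: audit a guest image's shadow file and the Kickstart that built it.
# SAMPLE_SHADOW and SAMPLE_KS are constructed data, not taken from a real image.
SAMPLE_SHADOW = """\
root::15849:0:99999:7:::
bin:*:15849:0:99999:7:::
daemon:!!:15849:0:99999:7:::
admin:$6$constructedsalt$constructedhash:15849:0:99999:7:::
"""
SAMPLE_KS = """\
# constructed Kickstart with no rootpw command
lang en_US.UTF-8
%packages
@core
%end
"""

def classify_shadow_field(field):
    """Classify the password field (second column) of a shadow(5) entry."""
    if field == "":
        return "empty"    # no password required: the state the advisory describes
    if field.startswith(("!", "*")):
        return "locked"   # not a valid hash, so password login cannot succeed
    return "hashed"

def audit_shadow(text):
    """Return {account: state} for each entry in shadow-format text."""
    states = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 2 and parts[0] and not parts[0].startswith("#"):
            states[parts[0]] = classify_shadow_field(parts[1])
    return states

def kickstart_sets_rootpw(text):
    """True if a rootpw command appears outside %-sections (simplified parser)."""
    in_section = False
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if not tokens:
            continue
        if tokens[0] == "%end":
            in_section = False
        elif tokens[0].startswith("%") and tokens[0] != "%include":
            in_section = True
        elif tokens[0] == "rootpw" and not in_section:
            return True
    return False

if __name__ == "__main__":
    print("rootpw in Kickstart:", kickstart_sets_rootpw(SAMPLE_KS))
    print("accounts with empty password:",
          [u for u, s in audit_shadow(SAMPLE_SHADOW).items() if s == "empty"])
```

Run against the `etc/shadow` of a mounted image, any account reported as `empty` should be locked or given a password before the image is deployed.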

kvm: privilege escalation

Posted May 31, 2013 19:49 UTC (Fri) by zslade (subscriber, #72097)

Something is wrong here or I'm missing something. This security vulnerability is for the livecd-tools package and not KVM. KVM is not mentioned in the CVE at all.

kvm: privilege escalation

Posted Jun 1, 2013 0:32 UTC (Sat) by jake (editor, #205)

> Something is wrong here

yes indeed. we missed that the problem is in a kvm guest image (that had been created with livecd-tools evidently). thanks for catching it!

jake

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.