2.1 CVE-2012-2314

Patch Ransomware Risk

The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password guessing attacks.
https://nvd.nist.gov/vuln/detail/CVE-2012-2314

References

BID

53486

CONFIRM

http://git.fedorahosted.org/git/?p=anaconda.git;a=commit;h=03ef13b625cc06873a924e0610340f8489fd92df

FEDORA

FEDORA-2012-7579

MISC

https://bugzilla.redhat.com/show_bug.cgi?id=819031

_MLIST Patch

[oss-security] 20120504 CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module Patch
[oss-security] 20120504 Re: CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module

CPE

cpe	start	end
Configuration 1
cpe:2.3:a:fedoraproject:anaconda:-:::::::*

REMEDIATION

Patch

Url
[oss-security] 20120504 CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module

EXPLOITS

Exploit-db.com

id	description	date
No known exploits

Other (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
No entry

MITRE

Sherlock® flash

Take a picture of your computer network in a few clicks !

The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.

Discover this offer

Sherlock® flash: 1st instant cybersecurity audit solution