Vulnerability-Lookup

RHSA-2013:0849

Vulnerability from csaf_redhat - Published: 2013-05-23 13:31 - Updated: 2026-01-28 22:34

Summary

Red Hat Security Advisory: KVM image security update

Notes

Topic

The Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had an empty root password by default. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

Red Hat provides a Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances. This image is provided as a minimally configured system image which is available for use as-is or for configuration and customization as required by end users. The Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had an empty root password by default. To address this, Red Hat has created an updated image that locks the root password by default. This updated image is now available on RHN. To correct existing Red Hat Enterprise Linux 6.4 KVM Guest Images, any images or systems built using this Red Hat Enterprise Linux 6.4 KVM Guest Image, or any currently running Red Hat Enterprise Linux instances instantiated from this image, users can lock the root password by issuing, as root, the command: passwd -l root Note: The default OpenSSH configuration disallows password logins when the password is empty, preventing a remote attacker from logging in without a password. Root Cause Kickstart can be used to automate operating system installations. A Kickstart file specifies settings for an installation. Once the installation system boots, it can read a Kickstart file and carry out the installation process without any further input from a user. Kickstart is used as part of the process of creating Images of Red Hat Enterprise Linux for cloud providers. It was discovered that when no 'rootpw' command was specified in a Kickstart file, the image creator tools gave the root user an empty password rather than leaving the password locked, which could allow a local user to gain access to the root account (CVE-2013-2069). We have corrected this issue by updating the Kickstart file used to build affected images to lock the password file. This issue was caused by the way a tool was used to create Images, and not due to a security vulnerability in Red Hat Enterprise Linux. To import the image into an OpenStack environment, download the image from Red Hat Network to a system that has the python-glanceclient package installed. Refer to the OpenStack Getting Started Guide, linked to in the References, for information on importing the image into an OpenStack environment. After successfully importing, it is also highly recommended that the "glance delete" command is used to delete any previous versions of the image that exist in the Glance image registry.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had\nan empty root password by default.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat provides a Red Hat Enterprise Linux 6.4 KVM Guest Image for\ncloud instances. This image is provided as a minimally configured system\nimage which is available for use as-is or for configuration and\ncustomization as required by end users.\n\nThe Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had an\nempty root password by default. To address this, Red Hat has created an\nupdated image that locks the root password by default. This updated image\nis now available on RHN.\n\nTo correct existing Red Hat Enterprise Linux 6.4 KVM Guest Images, any\nimages or systems built using this Red Hat Enterprise Linux 6.4 KVM Guest\nImage, or any currently running Red Hat Enterprise Linux instances\ninstantiated from this image, users can lock the root password by issuing,\nas root, the command:\n\npasswd -l root\n\nNote: The default OpenSSH configuration disallows password logins when\nthe password is empty, preventing a remote attacker from logging in\nwithout a password.\n\nRoot Cause\n\nKickstart can be used to automate operating system installations. A\nKickstart file specifies settings for an installation. Once the\ninstallation system boots, it can read a Kickstart file and carry out the\ninstallation process without any further input from a user. Kickstart is\nused as part of the process of creating Images of Red Hat Enterprise Linux\nfor cloud providers.\n\nIt was discovered that when no \u0027rootpw\u0027 command was specified in a\nKickstart file, the image creator tools gave the root user an empty\npassword rather than leaving the password locked, which could allow a local\nuser to gain access to the root account (CVE-2013-2069).\n\nWe have corrected this issue by updating the Kickstart file used to build\naffected images to lock the password file.\n\nThis issue was caused by the way a tool was used to create Images, and not\ndue to a security vulnerability in Red Hat Enterprise Linux.\n\nTo import the image into an OpenStack environment, download the image from\nRed Hat Network to a system that has the python-glanceclient package\ninstalled. Refer to the OpenStack Getting Started Guide, linked to in the\nReferences, for information on importing the image into an OpenStack\nenvironment. After successfully importing, it is also highly recommended\nthat the \"glance delete\" command is used to delete any previous versions of\nthe image that exist in the Glance image registry.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2013:0849",
        "url": "https://access.redhat.com/errata/RHSA-2013:0849"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://rhn.redhat.com/rhn/software/channel/downloads/Download.do?cid=16952",
        "url": "https://rhn.redhat.com/rhn/software/channel/downloads/Download.do?cid=16952"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/site/documentation/en-US/Red_Hat_OpenStack/2/html/Getting_Started_Guide/ch09s02.html",
        "url": "https://access.redhat.com/site/documentation/en-US/Red_Hat_OpenStack/2/html/Getting_Started_Guide/ch09s02.html"
      },
      {
        "category": "external",
        "summary": "964299",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=964299"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0849.json"
      }
    ],
    "title": "Red Hat Security Advisory: KVM image security update",
    "tracking": {
      "current_release_date": "2026-01-28T22:34:50+00:00",
      "generator": {
        "date": "2026-01-28T22:34:50+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.16"
        }
      },
      "id": "RHSA-2013:0849",
      "initial_release_date": "2013-05-23T13:31:00+00:00",
      "revision_history": [
        {
          "date": "2013-05-23T13:31:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2013-05-23T14:34:58+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-01-28T22:34:50+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 6)",
                  "product_id": "Red Hat Enterprise Linux Server (v. 6)",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Common"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Amazon Web Services"
          ]
        }
      ],
      "cve": "CVE-2013-2069",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "discovery_date": "2013-05-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "964299"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that when used to create images, livecd-tools gave the root user an empty password rather than leaving the password locked in situations where no \u0027rootpw\u0027 directive was used or when the \u0027rootpw --lock\u0027 directive was used within the Kickstart file, which could allow local users to gain access to the root account.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "livecd-tools: improper handling of passwords",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux Server (v. 6)"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-2069"
        },
        {
          "category": "external",
          "summary": "RHBZ#964299",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=964299"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2069",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-2069"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2069",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2069"
        }
      ],
      "release_date": "2013-05-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-05-23T13:31:00+00:00",
          "details": "The updated image is available from RHN, linked to in the References.",
          "product_ids": [
            "Red Hat Enterprise Linux Server (v. 6)"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0849"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "Red Hat Enterprise Linux Server (v. 6)"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "livecd-tools: improper handling of passwords"
    }
  ]
}

CVE-2013-2069 (GCVE-0-2013-2069)

Vulnerability from cvelistv5 – Published: 2013-05-29 00:00 – Updated: 2024-08-06 15:27

Summary

Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://aws.amazon.com/security/security-bulletin…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/60119	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.openwall.com/lists/oss-security/2013/05/23/2	mailing-listx_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=964299	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2013-0849.html	vendor-advisoryx_refsource_REDHAT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:27:39.171Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://aws.amazon.com/security/security-bulletins/red-hat-and-other-third-party-public-amis-security-concern/"
          },
          {
            "name": "60119",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/60119"
          },
          {
            "name": "redhat-cve20132069-livecd-security-bypass(84488)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84488"
          },
          {
            "name": "[oss-security] 20130523 CVE-2013-2069 livecd-tools: improper handling of passwords",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/05/23/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=964299"
          },
          {
            "name": "RHSA-2013:0849",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0849.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://aws.amazon.com/security/security-bulletins/red-hat-and-other-third-party-public-amis-security-concern/"
        },
        {
          "name": "60119",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/60119"
        },
        {
          "name": "redhat-cve20132069-livecd-security-bypass(84488)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84488"
        },
        {
          "name": "[oss-security] 20130523 CVE-2013-2069 livecd-tools: improper handling of passwords",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/05/23/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=964299"
        },
        {
          "name": "RHSA-2013:0849",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0849.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-2069",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://aws.amazon.com/security/security-bulletins/red-hat-and-other-third-party-public-amis-security-concern/",
              "refsource": "CONFIRM",
              "url": "https://aws.amazon.com/security/security-bulletins/red-hat-and-other-third-party-public-amis-security-concern/"
            },
            {
              "name": "60119",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/60119"
            },
            {
              "name": "redhat-cve20132069-livecd-security-bypass(84488)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84488"
            },
            {
              "name": "[oss-security] 20130523 CVE-2013-2069 livecd-tools: improper handling of passwords",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/05/23/2"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=964299",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=964299"
            },
            {
              "name": "RHSA-2013:0849",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0849.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-2069",
    "datePublished": "2013-05-29T00:00:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:27:39.171Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2013:0849

CVE-2013-2069 (GCVE-0-2013-2069)

Tags

Sightings

Nomenclature