CVE-2008-5103

The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
dcgrendelvmbuilder
0.9
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ubuntu-vm-builder
intrepid
dne
hardy
not-affected
gutsy
dne
dapper
dne
vm-builder
intrepid
Fixed
released
hardy
dne
gutsy
dne
dapper
dne
Common Weakness Enumeration
References
http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff
http://osvdb.org/49996
http://secunia.com/advisories/32697
http://www.securityfocus.com/bid/32292
http://www.ubuntu.com/usn/usn-670-1
https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841
https://exchange.xforce.ibmcloud.com/vulnerabilities/46603
http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff
http://osvdb.org/49996
http://secunia.com/advisories/32697
http://www.securityfocus.com/bid/32292
http://www.ubuntu.com/usn/usn-670-1
https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841
https://exchange.xforce.ibmcloud.com/vulnerabilities/46603