Public Date:
964299: CVE-2013-2069 livecd-tools: improper handling of passwords
It was discovered that when used to create images, livecd-tools gave the root user an empty password rather than leaving the password locked in situations where no 'rootpw' directive was used or when the 'rootpw --lock' directive was used within the Kickstart file, which could allow local users to gain access to the root account.
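
A check for the condition described above, as an added example (not Red Hat's or the livecd-tools project's code): it classifies the root entry of a built image's shadow file as empty, locked or hashed, following shadow(5). The sample entries are constructed, and the image mount path in the usage comment is an assumption.

```python
"""Audit shadow(5) entries from a built image for empty passwords."""
import sys

EMPTY, LOCKED, HASHED, MALFORMED = "empty", "locked", "hashed", "malformed"


def classify(password_field):
    """Classify the second field of a shadow(5) entry."""
    if password_field == "":
        return EMPTY      # no password is required to authenticate
    if password_field[0] in "!*":
        return LOCKED     # '!', '!!', '*' or '!<hash>': not a valid crypt(3) result
    return HASHED


def audit_shadow(text, accounts=("root",)):
    """Return {account: state} for the named accounts; None audits every entry."""
    results = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        name = fields[0]
        if accounts is not None and name not in accounts:
            continue
        results[name] = classify(fields[1]) if len(fields) >= 2 else MALFORMED
    return results


def findings(text, accounts=("root",)):
    """Return (accounts with an empty or malformed entry, accounts with no entry)."""
    state = audit_shadow(text, accounts)
    bad = sorted(n for n, s in state.items() if s in (EMPTY, MALFORMED))
    missing = sorted(set(accounts or ()) - set(state))
    return bad, missing


# Constructed sample entries (not taken from any real image).
AFFECTED = "root::15800:0:99999:7:::\nbin:*:15800:0:99999:7:::\n"
LOCKED_OK = "root:!!:15800:0:99999:7:::\nbin:*:15800:0:99999:7:::\n"

if __name__ == "__main__":
    # Usage: python audit_shadow.py /mnt/image/etc/shadow  (path is an assumption)
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else AFFECTED
    bad, missing = findings(data)
    print("empty/malformed:", bad, "missing:", missing)
    sys.exit(1 if bad or missing else 0)
```

The non-zero exit status lets an image build pipeline fail the build before an image with an empty root password is published.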

Find out more about CVE-2013-2069 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 7.2
Base Metrics AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Common 6 | RHSA-2013:0849 | 2013-05-23 |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | ec2-images | Affected |
| Red Hat Enterprise Linux 5 | ec2-images | Affected |


Red Hat would like to thank Amazon Web Services for reporting this issue. Amazon Web Services acknowledges Sylvain Beucler as the original reporter.