Back to bug 1395134
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-11-15 09:13:52 UTC | Blocks | 1393478 | |
| Adam Mariš | 2016-11-15 09:14:07 UTC | Depends On | 1395135 | |
| Huzaifa S. Sidhpurwala | 2016-11-15 10:14:17 UTC | Whiteboard | impact=moderate,public=20161114,reported=20161109,source=cve,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cvss3=6.8/CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,cwe=cwe-391,rhel-5/cryptsetup-luks=new,fedora-all/cryptsetup=affected | impact=moderate,public=20161114,reported=20161109,source=cve,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cvss3=6.8/CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,cwe=cwe-391,rhel-6/dracut=new,rhel-7/dracut=affected,fedora-all/dracut=affected |
| Huzaifa S. Sidhpurwala | 2016-11-15 10:16:34 UTC | Whiteboard | impact=moderate,public=20161114,reported=20161109,source=cve,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cvss3=6.8/CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,cwe=cwe-391,rhel-6/dracut=new,rhel-7/dracut=affected,fedora-all/dracut=affected | impact=moderate,public=20161114,reported=20161109,source=cve,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cvss3=6.8/CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,cwe=cwe-391,rhel-6/dracut=affected,rhel-7/dracut=affected,fedora-all/dracut=affected |
| Adam Mariš | 2016-11-15 10:26:21 UTC | Whiteboard | impact=moderate,public=20161114,reported=20161109,source=cve,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cvss3=6.8/CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,cwe=cwe-391,rhel-6/dracut=affected,rhel-7/dracut=affected,fedora-all/dracut=affected | impact=moderate,public=20161114,reported=20161109,source=cve,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cvss3=6.8/CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-391,rhel-6/dracut=affected,rhel-7/dracut=affected,fedora-all/dracut=affected |
| Michael Vermaes | 2016-11-16 04:38:36 UTC | CC | michaelv | |
| Slawomir Czarko | 2016-11-16 09:11:43 UTC | CC | slawomir | |
| Karlo | 2016-11-16 09:54:31 UTC | CC | karlo.luiten+bugzilla | |
| Apurbita Mukherjee | 2016-11-16 10:52:19 UTC | CC | apmukher | |
| Paul Dwyer | 2016-11-16 12:38:27 UTC | CC | pdwyer | |
| Huzaifa S. Sidhpurwala | 2016-11-17 02:53:57 UTC | Depends On | 1395949 | |
| Huzaifa S. Sidhpurwala | 2016-11-17 02:54:03 UTC | Depends On | 1395950 | |
| Huzaifa S. Sidhpurwala | 2016-11-17 02:54:11 UTC | Depends On | 1395951 | |
| Huzaifa S. Sidhpurwala | 2016-11-17 02:54:16 UTC | Depends On | 1395952 | |
| Clifford Perry | 2016-11-17 10:16:46 UTC | CC | cperry | |
| Huzaifa S. Sidhpurwala | 2016-11-18 09:41:36 UTC | Comment 5 is private | 1 | 0 |
| Nathan Galvin | 2016-11-29 15:31:56 UTC | CC | ngalvin | |
| Huzaifa S. Sidhpurwala | 2016-11-30 06:17:27 UTC | CC | sparks | |
| Flags | needinfo?(sparks) | |||
| Huzaifa S. Sidhpurwala | 2016-11-30 08:36:00 UTC | Summary | CVE-2016-4484 cryptsetup: Incorrect error handling when checking password | CVE-2016-4484 dracut: Brute force attack on LUKS password decryption via initramfs |
| Eric Christensen | 2016-11-30 19:13:13 UTC | CC | fleite | |
| Flags | needinfo?(sparks) | needinfo?(fleite) | ||
| Fabio Olive Leite | 2016-12-01 17:09:34 UTC | Flags | needinfo?(fleite) | |
| Huzaifa S. Sidhpurwala | 2016-12-02 03:18:15 UTC | Whiteboard | impact=moderate,public=20161114,reported=20161109,source=cve,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cvss3=6.8/CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-391,rhel-6/dracut=affected,rhel-7/dracut=affected,fedora-all/dracut=affected | impact=moderate,public=20161114,reported=20161109,source=cve,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cvss3=6.8/CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-391,rhel-6/dracut=wontfix,rhel-7/dracut=wontfix,fedora-all/dracut=affected |
| Huzaifa S. Sidhpurwala | 2016-12-02 03:59:18 UTC | Doc Text | A password-check vulnerability was found in the way initramfs, generated by dracut, handles the decryption of LUKS-encrypted data partitions. An attacker having physical access to the machine or access to the boot console may be able to brute-force the LUKS password using the dracut shell, and may be able to copy off the encrypted partition for an offline brute-force attack or, in certain conditions, install malicious boot images in the /boot partition. | |
| Fabio Olive Leite | 2016-12-05 17:44:49 UTC | CC | huzaifas | |
| Flags | needinfo?(huzaifas) | |||
| Huzaifa S. Sidhpurwala | 2016-12-06 04:53:02 UTC | Flags | needinfo?(huzaifas) | |
| Huzaifa S. Sidhpurwala | 2016-12-08 08:40:36 UTC | Status | NEW | CLOSED |
| Resolution | --- | WONTFIX | ||
| Last Closed | 2016-12-08 03:40:36 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:59:56 UTC | Whiteboard | impact=moderate,public=20161114,reported=20161109,source=cve,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cvss3=6.8/CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-391,rhel-6/dracut=wontfix,rhel-7/dracut=wontfix,fedora-all/dracut=affected |
Back to bug 1395134