Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Livecd-tools | Redhat | * | 13.4.4 (excluding) |
Livecd-tools | Redhat | 17.0 (including) | 17.17 (excluding) |
Livecd-tools | Redhat | 18.0 (including) | 18.16 (excluding) |
Livecd-tools | Redhat | 19.0 (including) | 19.3 (excluding) |
Red Hat Common 6 | RedHat | * |