MiracleLinux 4 : dracut-004-336.AXS4.2 (AXSA:2014-007:01)

medium Nessus Plugin ID 289060

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-007:01 advisory.

dracut is a new, event-driven initramfs infrastructure based around udev.
Security issues fixed with this release:
CVE-2012-4453 dracut.sh in dracut creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.
Fixed bugs:
Added the previously missing mkinitrd(8) man page.
Previously, specification of the original logical volume name (rd_LVM_LV) was required when booting an LVM snapshot. The dracut utility now calls the lvchange command with the --yes option, which makes booting LVM snapshots more intuitive.
Previously, initramfs could contain stale symbolic links because the dracut utility copied them without following every redirection. This has been fixed.
Previously, when setting up crypto devices, the dracut utility failed to take into account all parameters of the /etc/crypttab file and options and file names in /etc/crypttab had no effect in initramfs. This has been fixed.
dracut now starts the iSCSI service regardless of the network configuration parameters on the kernel command line, so that it is possible to boot with iSCSI even on systems that do not need a network configuration.
Previously, if the user set GREP_OPTIONS while calling yum or running dracut, grep did not work correctly with dracut. dracut now unsets GREP_OPTIONS and user settings prior to running.
Previously, the multipath configuration file was always included in the initramfs, even if the root device was not a multipath device. As a result, the administrator had to update initramfs before rebooting when changing the multipath configuration. This has been fixed and dracut only includes the multipath configuration if the root device is a multipath device. The configuration can also be split:
/etc/multipath-root.conf
/etc/multipath-root/*
/etc/xdrdevices-root.conf
These files will be used in initramfs as follows:
/etc/multipath.conf
/etc/multipath/*
/etc/xdrdevices.conf
When using the Red Hat Enterprise Virtualization Hypervisor packaging of the kernel on a live image, booting an installation in FIPS mode now checks the correct kernel image and if the checksum is correct, the system continues to boot in FIPS mode.
Dracut now includes the xhci-hcd driver in initramfs, and the system is able to boot from USB 3.0 disks.
Previously, if the biosdevname=1 parameter had not been specified on the kernel command line, the dracut utility disabled biosdevname network interface renaming on all machines. Consequently, on Dell machines, interfaces used in initramfs did not have automatic biosdevname names, even though biosdevname interface renaming was active later in the boot process. With this update, dracut only disables biosdevname if the parameter is set to 0. For non-Dell machines, biosdevname now renames interfaces only if biosdevname=1 is specified on the kernel command line, and Dell machines have biosdevname named interfaces in initramfs.
Previously, it took too long to activate Fibre Channel over Ethernet (FCoE) on a 10GBaseT Twin Pond adapter and the fipvlan utility called by dracut would time out. To fix this, fipvlan is now called with a 30-second waiting time.
Previously, when running the ldd tool, the dracut utility output could end up in the standard error output. This has been fixed and cat error messages are now hidden in this case.
Previously, systems with encrypted disks could not boot successfully in FIPS mode. This has been fixed: the dracut utility now copies all the needed files in the initramfs and the system boots successfully.
Previously, when booting live ISO images in FIPS mode, dracut searched for the checksum file of the kernel image in the wrong place and boot failed. This has been fixed.
Enhancements:
Added the /etc/system-fips file marker when the dracut-fips rpm package is installed to provide a stable file location for FIPS, as required by the National Institute of Standards and Technology (NIST).
Added support for bonding of network interfaces in initramfs.
Format: bond=<bondname>[:<bondslaves>:[:<options>]]
Refer to the modinfo bonding command for more help.
It is now possible to turn off the multipath device mapper if the multipath dracut module is included in the initramfs with the newly added rd_NO_MULTIPATH kernel command line option.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/4418

Plugin Details

Severity: Medium

ID: 289060

File Name: miracle_linux_AXSA-2014-007.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2012-4453

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:dracut, p-cpe:/a:miracle:linux:dracut-kernel, cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:dracut-fips, p-cpe:/a:miracle:linux:dracut-network

Required KB Items: Host/local_checks_enabled, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 3/4/2014

Vulnerability Publication Date: 9/21/2012

Reference Information

CVE: CVE-2012-4453