Candidate: CVE-2014-4040
PublicDate: 2014-06-17 15:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4040
 http://openwall.com/lists/oss-security/2014/06/17/1
Description:
 snap in powerpc-utils 1.2.20 produces an archive with fstab and
 yaboot.conf files potentially containing cleartext passwords, and lacks a
 warning about reviewing this archive to detect included passwords, which
 might allow remote attackers to obtain sensitive information by leveraging
 access to a technical-support data stream.
Ubuntu-Description:
Notes:
 sbeattie> snap script is in powerpc-utils (powerpc-ibm-utils binary
  package), which ppc64diag depends on.
 sbeattie> code is not present in powerpc-utils 1.1.3.
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740179
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_ppc64-diag:
upstream_ppc64-diag: needs-triage
lucid_ppc64-diag: DNE
precise_ppc64-diag: DNE
saucy_ppc64-diag: DNE
trusty_ppc64-diag: not-affected (code not present)
trusty/esm_ppc64-diag: DNE (trusty was not-affected [code not present])
utopic_ppc64-diag: ignored (reached end-of-life)
vivid_ppc64-diag: ignored (reached end-of-life)
vivid/stable-phone-overlay_ppc64-diag: DNE
vivid/ubuntu-core_ppc64-diag: DNE
wily_ppc64-diag: ignored (reached end-of-life)
xenial_ppc64-diag: not-affected (code not present)
devel_ppc64-diag: not-affected (code not present)

Patches_powerpc-utils:
 upstream: https://github.com/nfont/powerpc-utils/commit/96f861446684be87304f4af34029c6ddd52e6584
upstream_powerpc-utils: released (1.2.25)
precise_powerpc-utils: not-affected (v1.1.3)
trusty_powerpc-utils: not-affected (v1.1.3)
trusty/esm_powerpc-utils: DNE (trusty was not-affected [v1.1.3])
utopic_powerpc-utils: ignored (reached end-of-life)
vivid_powerpc-utils: ignored (reached end-of-life)
vivid/stable-phone-overlay_powerpc-utils: DNE
vivid/ubuntu-core_powerpc-utils: DNE
wily_powerpc-utils: ignored (reached end-of-life)
xenial_powerpc-utils: not-affected (1.3.1-1)
esm-infra/xenial_powerpc-utils: not-affected (1.3.1-1)
devel_powerpc-utils: not-affected (1.3.1-1)