CVE-2014-3925
Published: 1 June 2014
sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
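A pre-submission check for the exposure described above, as an added example (not code from the sos project or its fix): it scans the `etc/fstab` copied into an extracted report for inline credentials and redacts them. It assumes the secrets appear as cifs-style `password=` or `pass=` mount options; the function name `scrub_fstab` and the sample input are constructed for illustration.

```python
import re

# Assumption: secrets are written as cifs/smbfs-style "password=" or "pass=" options.
# The lookbehind keeps unrelated keys that merely end in "pass" from matching.
SECRET_OPT = re.compile(r"(?<![\w.-])(password|pass)=[^,\s]+", re.IGNORECASE)


def scrub_fstab(text):
    """Return (scrubbed_text, findings).

    findings is a list of (line_number, mount_point, option_key) tuples.
    Commented-out entries are scanned too, since they are archived verbatim.
    """
    findings, out = [], []
    for no, line in enumerate(text.splitlines(), 1):
        # Ignore a leading "#" so a disabled entry still yields its mount point.
        fields = line.lstrip("# \t").split()
        mount_point = fields[1] if len(fields) >= 2 else "?"

        def redact(match, no=no, mount_point=mount_point):
            findings.append((no, mount_point, match.group(1).lower()))
            return match.group(1) + "=********"

        out.append(SECRET_OPT.sub(redact, line))
    return "\n".join(out) + "\n", findings


# Constructed sample input, not taken from any real system.
SAMPLE_FSTAB = """\
# /etc/fstab (constructed sample)
/dev/sda1  /  ext3  defaults  1 1
//fileserver.example/share  /mnt/share  cifs  username=backup,password=Example-Secret-1,ro  0 0
//fileserver.example/home  /mnt/home  cifs  credentials=/etc/cifs.cred,uid=500  0 0
#//fileserver.example/old  /mnt/old  cifs  user=old,pass=Example-Secret-2  0 0
"""

if __name__ == "__main__":
    scrubbed, hits = scrub_fstab(SAMPLE_FSTAB)
    for no, mount_point, key in hits:
        print(f"line {no}: {mount_point} carries an inline {key}= option")
    print(scrubbed, end="")
```

Entries that use `credentials=` point at a separate file and pass through unchanged, so that file needs its own review if it is also collected.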
Notes
Author | Note |
---|---|
tyhicks | Fixed upstream in the 3.2 release |
Priority
Status
Package | Release | Status |
---|---|---|
sosreport (Launchpad, Ubuntu, Debian) | lucid | Does not exist |
sosreport | precise | Does not exist |
sosreport | trusty | Released (3.1-1ubuntu2.2) |
sosreport | upstream | Released (3.2) |
sosreport | vivid | Not vulnerable (3.2-2) |
sosreport | wily | Not vulnerable |

Patches: upstream: https://github.com/sosreport/sos/commit/7b46d34654735d925bcb2a3e4b27b65dce994519