Lucene search

CentOS ProjectCESA-2005:598-01

HistoryAug 09, 2005 - 11:01 p.m.

sysreport security update

2005-08-0923:01:08

CentOS Project

lists.centos.org

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS

Percentile

5.1%

JSON

CentOS Errata and Security Advisory CESA-2005:598-01

Sysreport is a utility that gathers information about a system’s hardware
and configuration. The information can then be used for diagnostic purposes
and debugging.

Bill Stearns discovered a bug in the way sysreport creates temporary files.
It is possible that a local attacker could obtain sensitive information
about the system when sysreport is run. The Common Vulnerabilities and
Exposures project assigned the name CAN-2005-2104 to this issue.

Users of sysreport should update to this erratum package, which contains a
patch that resolves this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-August/074189.html

Affected packages:
sysreport

OSVersionArchitecturePackageVersionFilename
CentOS2noarchsysreport< 1.3.7.0-7sysreport-1.3.7.0-7.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	2	noarch	sysreport	< 1.3.7.0-7	sysreport-1.3.7.0-7.noarch.rpm

References

steadfast.net/

www.ict.swin.edu.au/staff/jnewbigin

rhn.redhat.com/errata/rh21as-errata.html

twitter.com/centos

www.facebook.com/groups/centosproject/

www.linkedin.com/groups/22405

www.reddit.com/r/CentOS/

youtube.com/TheCentOSProject

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS

Percentile

5.1%

JSON

Related for CESA-2005:598-01