CVE-2014-3925

2014-06-0104:29:34

CWE-255

[email protected]

web.nvd.nist.gov

cve-2014-3925

sosreport

red hat sos

rhel 5

sensitive information

cleartext passwords

fstab file

technical-support data stream

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.2 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.2%

JSON

sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.

Affected configurations

NVD

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.04

canonicalubuntu_linuxMatch15.10

Node

redhatsosRange≤1.7

AND

redhatenterprise_linuxMatch5

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq15.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq15.10

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	15.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	15.10