5 matches found
Sensitive Information Leakage
The sos package has a sensitive information leakage vulnerability. During archival of debugging information, the package does not remove the root user password information stored in the Kickstart configuration file /root/anaconda-ks.cfg it leaves the root user password information from the...
CentOS Update for sos CESA-2013:1121 centos5
Check for the Version of sos OpenVAS Vulnerability Test CentOS Update for sos CESA-2013:1121 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Scientific Linux Security Update : sos on SL5.x (noarch) (20130730)
The sosreport utility collected the Kickstart configuration file '/root /anaconda-ks.cfg', but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain th...
CVE-2012-2664
The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...
Default credentials
The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...