Lucene search

Ubuntu.comUB:CVE-2014-3925

HistoryJun 01, 2014 - 12:00 a.m.

CVE-2014-3925

2014-06-0100:00:00

ubuntu.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.2%

JSON

sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL)
5 produces an archive with an fstab file potentially containing cleartext
passwords, and lacks a warning about reviewing this archive to detect
included passwords, which might allow remote attackers to obtain sensitive
information by leveraging access to a technical-support data stream.

Bugs

<https://bugzilla.redhat.com/show_bug.cgi?id=1102633>

Notes

Author	Note
tyhicks	Fixed upstream in the 3.2 release

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchsosreport< 3.1-1ubuntu2.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	14.04	noarch	sosreport	< 3.1-1ubuntu2.2	UNKNOWN

References

openwall.com/lists/oss-security/2014/05/29/6

openwall.com/lists/oss-security/2014/05/30/3

launchpad.net/bugs/cve/CVE-2014-3925

nvd.nist.gov/vuln/detail/CVE-2014-3925

security-tracker.debian.org/tracker/CVE-2014-3925

ubuntu.com/security/notices/USN-2845-1

www.cve.org/CVERecord?id=CVE-2014-3925

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.2%

JSON

Related for UB:CVE-2014-3925