The sos package has a sensitive information leakage vulnerability. When creating an archive of debugging information, the package does not remove the root user password information stored in the Kickstart configuration file (/root/anaconda-ks.cfg), allowing an attacker to access the root user’s password-related information at “/root/anaconda-ks.cfg”.

CPE

Name | Operator | Version |
---|---|---|
sos | eq | 2.2__17.el6 |
sos | eq | 2.2__16.1ssa.el6 |
sos | eq | 2.2__17.1.el6rhs |
sos | eq | 2.2__17.2.el6rhs |
sos | eq | 2.2__24.el6 |
sos | eq | 2.2__17.el6_2.1 |
sos | eq | 2.2__17.el6_2.3 |
sos | eq | 2.2__8.el6 |
sos | eq | 2.2__2.el6 |

rhn.redhat.com/errata/RHSA-2012-0958.html
rhn.redhat.com/errata/RHSA-2013-1121.html
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
www.securityfocus.com/bid/54116
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=730641
bugzilla.redhat.com/show_bug.cgi?id=749262
bugzilla.redhat.com/show_bug.cgi?id=749279
bugzilla.redhat.com/show_bug.cgi?id=749919
bugzilla.redhat.com/show_bug.cgi?id=771393
bugzilla.redhat.com/show_bug.cgi?id=771501
bugzilla.redhat.com/show_bug.cgi?id=782589
bugzilla.redhat.com/show_bug.cgi?id=784862
bugzilla.redhat.com/show_bug.cgi?id=784874
bugzilla.redhat.com/show_bug.cgi?id=790402
docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/sos.html#RHSA-2012-0958
exchange.xforce.ibmcloud.com/vulnerabilities/76468