CVE-2014-3925

medium

Description

sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1102633

http://www.ubuntu.com/usn/USN-2845-1

http://openwall.com/lists/oss-security/2014/05/30/3

http://openwall.com/lists/oss-security/2014/05/29/6

Details

Source: Mitre, NVD

Published: 2014-06-01

Updated: 2016-04-06

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium