Scientific Linux Security Update : sos on SL6.x (noarch)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing a security update.

Description :

An insecure temporary file use flaw was found in the way sos created
certain sosreport files. A local attacker could possibly use this flaw
to perform a symbolic link attack to reveal the contents of sosreport
files, or in some cases modify arbitrary files and escalate their
privileges on the system. (CVE-2015-7529)

This update also fixes the following bug :

- Previously, when the hpasm plug-in ran the 'hpasmcli'
command in a Python Popen constructor or a system
pipeline, the command would hang and eventually time out
after 300 seconds. As a result, sos had to wait for the
timeout to expire, unnecessarily prolonging its run time.
With this update, the timeout of the 'hpasmcli' command
has been set to 0, eliminating the delay and speeding up
sos completion time.

See also :

http://www.nessus.org/u?0f7297c1

Solution :

Update the affected sos package.

Risk factor :

High

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 88676

Bugtraq ID:

CVE ID: CVE-2015-7529
