Scientific Linux Security Update : sos on SL7.x (noarch)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing a security update.

Description :

An insecure temporary file use flaw was found in the way sos created
certain sosreport files. A local attacker could possibly use this flaw
to perform a symbolic link attack to reveal the contents of sosreport
files, or in some cases modify arbitrary files and escalate their
privileges on the system. (CVE-2015-7529)

This update also fixes the following bug :

- Previously, the sosreport tool was not collecting the
/var/lib/ceph and /var/run/ceph directories when run
with the ceph plug-in enabled, causing the generated
sosreport archive to miss vital troubleshooting
information about ceph. With this update, the ceph
plug-in for sosreport collects these directories, and
the generated report contains more useful information.

See also :

http://www.nessus.org/u?cfa3f30a

Solution :

Update the affected sos package.

Risk factor :

High

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 88801 ()

Bugtraq ID:

CVE ID: CVE-2015-7529

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now