CVE-2014-3925
Description
sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
Risk Information
Base Score
7.5
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.401
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Set of tools to gather troubleshooting data from a system (USN-2845-1) sosreport_3.1-1ubuntu2.2_i386.deb | Linux |
| Set of tools to gather troubleshooting data from a system (USN-2845-1) sosreport_3.1-1ubuntu2.2_amd64.deb | Linux |
| Set of tools to gather troubleshooting data from a system (USN-2845-1) sosreport_3.2-2ubuntu0.1_i386.deb | Linux |
| Set of tools to gather troubleshooting data from a system (USN-2845-1) sosreport_3.2-2ubuntu0.1_amd64.deb | Linux |
| Set of tools to gather troubleshooting data from a system (USN-2845-1) sosreport_3.2-2ubuntu1_i386.deb | Linux |
| Set of tools to gather troubleshooting data from a system (USN-2845-1) sosreport_3.2-2ubuntu1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234