CVE-2014-3925 Detail
Current Description
sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
Source: MITRE
Description Last Modified: 06/01/2014
Analysis Description
sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing the file to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
Source: MITRE
Description Last Modified: 06/01/2014
Impact
CVSS v2.0 Severity and Metrics:
Base Score: 5.0 MEDIUM
Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 10.0
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Additional Information: Allows unauthorized disclosure of information
Change History
4 change records found
Modified Analysis - 4/6/2016 8:53:40 AM
| Action | Type | Old Value | New Value |
| Changed | CPE Configuration | Configuration 1 AND OR *cpe:2.3:a:redhat:sos:1.7:*:*:*:*:*:*:* (and previous) OR *cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:* | Configuration 1 OR *cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* *cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* *cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* Configuration 2 AND OR *cpe:2.3:a:redhat:sos:1.7:*:*:*:*:*:*:* (and previous) OR cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:* |
CVE Translated - 2/17/2016 4:45:02 PM
| Action | Type | Old Value | New Value |
| Added | Translation | | sosreport en Red Hat sos 1.7 y versiones anteriores en Red Hat Enterprise Linux (RHEL) 5 produce un archivo con un fichero fstab conteniendo potencialmente contraseñas en texto plano, y carece de una advertencia sobre la revisión de este fichero para detectar las contraseñas incluidas, lo que podría permitir a atacantes remotos obtener información sensible aprovechando el acceso al flujo de datos de soporte técnico. |
| Removed | Translation | sosreport en Red Hat sos 1.7 y anteriores en Red Hat Enterprise Linux (RHEL) 5 produce un archivo con un archivo fstab que potencialmente contiene contraseñas en texto claro, y no tiene un aviso acerca de la revisión del archivo para detectar contraseñas incluidas, lo que podría permitir a atacantes remotos obtener información sensible mediante el aprovechamiento de acceso a un flujo de datos de apoyo técnico. | |
CVE Modified by Source - 1/11/2016 9:59:01 PM
| Action | Type | Old Value | New Value |
| Added | Reference | | http://www.ubuntu.com/usn/USN-2845-1 |
Initial CVE Analysis - 6/2/2014 2:58:30 PM
Quick Info
CVE Dictionary Entry: CVE-2014-3925
NVD Published Date: 06/01/2014
NVD Last Modified: 04/06/2016