LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

sos: privilege escalation

Package(s):sos CVE #(s):CVE-2012-2664
Created:June 20, 2012 Updated:July 11, 2012
Description: From the Red Hat advisory:

The sosreport utility collected the Kickstart configuration file ("/root/anaconda-ks.cfg"), but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. "/root/anaconda-ks.cfg" usually only contains a hash of the password, not the plain text password.

Alerts:
Red Hat RHSA-2012:0958-04 2012-06-20
Oracle ELSA-2012-0958 2012-07-02
Scientific Linux SL-sos-20120709 2012-07-09
CentOS CESA-2012:0958 2012-07-10
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds