CVE-2014-3925

sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.

Published: Jun 1, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-3925
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
canonical / ubuntu_linux	15.10	15.10.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	15.04	15.04.x
redhat / sos	-	1.7.x

http://openwall.com/lists/oss-security/2014/05/29/6
http://openwall.com/lists/oss-security/2014/05/30/3
http://www.ubuntu.com/usn/USN-2845-1
https://bugzilla.redhat.com/show_bug.cgi?id=1102633

Vulnerability Database

CVE-2014-3925