Vulnerabilities > CVE-2012-2664 - Credentials Management vulnerability in Redhat SOS 2.218
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-0958.NASL description From Red Hat Security Advisory 2012:0958 : An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file ( last seen 2020-06-01 modified 2020-06-02 plugin id 68562 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68562 title Oracle Linux 6 : sos (ELSA-2012-0958) NASL family Scientific Linux Local Security Checks NASL id SL_20120620_SOS_ON_SL6.NASL description The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file ( last seen 2020-03-18 modified 2012-08-01 plugin id 61350 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61350 title Scientific Linux Security Update : sos on SL6.x (20120620) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0958.NASL description An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file ( last seen 2020-06-01 modified 2020-06-02 plugin id 59598 published 2012-06-20 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59598 title RHEL 6 : sos (RHSA-2012:0958) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-1121.NASL description From Red Hat Security Advisory 2013:1121 : An updated sos package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file ( last seen 2020-06-01 modified 2020-06-02 plugin id 69159 published 2013-07-31 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69159 title Oracle Linux 5 : sos (ELSA-2013-1121) NASL family Scientific Linux Local Security Checks NASL id SL_20130730_SOS_ON_SL5_X.NASL description The sosreport utility collected the Kickstart configuration file ( last seen 2020-03-18 modified 2013-07-31 plugin id 69167 published 2013-07-31 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69167 title Scientific Linux Security Update : sos on SL5.x (noarch) (20130730) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-0958.NASL description An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file ( last seen 2020-06-01 modified 2020-06-02 plugin id 59933 published 2012-07-11 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59933 title CentOS 6 : sos (CESA-2012:0958) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-1121.NASL description An updated sos package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file ( last seen 2020-06-01 modified 2020-06-02 plugin id 69144 published 2013-07-31 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69144 title CentOS 5 : sos (CESA-2013:1121) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1121.NASL description An updated sos package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file ( last seen 2020-06-01 modified 2020-06-02 plugin id 69162 published 2013-07-31 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69162 title RHEL 5 : sos (RHSA-2013:1121)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|