CVE-2012-2664

CWE-2556 documents5 sources
Severity
4.3MEDIUM
EPSS
0.4%
top 36.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat SOS
Timeline
PublishedJun 29
Latest updateMay 17

Description

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDredhat/sos2.2-18

🔴Vulnerability Details

2
GHSA
GHSA-3979-2hvm-67c3: The sosreport utility in the Red Hat sos package before 22022-05-17
CVEList
CVE-2012-2664: The sosreport utility in the Red Hat sos package before 22012-06-29

📋Vendor Advisories

1
Red Hat
sosreport does not blank root password in anaconda plugin2012-02-14

💬Community

2
Bugzilla
CVE-2014-0246 sos: md5 hash of GRUB password collected when running sosreport2014-05-27
Bugzilla
CVE-2012-2664 sosreport does not blank root password in anaconda plugin2012-05-31
CVE-2012-2664 (MEDIUM CVSS 4.3) | The sosreport utility in the Red Ha | cvebase.io