CVE-2014-3925 — Ubuntu Linux vulnerability

CWE-2559 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 39.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat SOS Canonical Ubuntu Linux

Timeline

PublishedJun 1

Latest updateMay 17

Description

sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/sos1.7

Also affects: Ubuntu Linux 14.04, 15.04, 15.10

🔴Vulnerability Details

GHSA

GHSA-37q9-ff6c-vjm6: sosreport in Red Hat sos 1↗2022-05-17

▶

OSV

sosreport vulnerabilities↗2015-12-18

▶

CVEList

CVE-2014-3925: sosreport in Red Hat sos 1↗2014-06-01

▶

OSV

CVE-2014-3925: sosreport in Red Hat sos 1↗2014-06-01

▶

📋Vendor Advisories

Ubuntu

SoS vulnerabilities↗2015-12-18

▶

Red Hat

sos: does not indicate data sent is potentially sensitive on Red Hat Enterprise Linux 5↗2014-05-29

▶

Debian

CVE-2014-3925: sosreport - sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 pr...↗2014

▶

💬Community

Bugzilla

CVE-2014-3925 sos: does not indicate data sent is potentially sensitive on Red Hat Enterprise Linux 5↗2014-05-30

▶