CVE-2015-7529: sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a…

CVE-2015-7529 [HIGH] SoSReport Predictable Tmp File Names SoSReport Predictable Tmp File Names sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by `sosreport-$hostname-$date.tar` in `/tmp/sosreport-$hostname-$date`.

CVE-2015-7529 [HIGH] CWE-59 SoSReport Predictable Tmp File Names SoSReport Predictable Tmp File Names sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by `sosreport-$hostname-$date.tar` in `/tmp/sosreport-$hostname-$date`.

CVE-2015-7529 [HIGH] CVE-2015-7529: sosreport in SoS 3 sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.

CVE-2014-3925 [MEDIUM] sosreport vulnerabilities sosreport vulnerabilities Dolev Farhi discovered an information disclosure issue in SoS. If the /etc/fstab file contained passwords, the passwords were included in the SoS report. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-3925) Mateusz Guzik discovered that SoS incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files or gain access to temporary file contents containing sensitive system information. (CVE-2015-7529)

CVE-2014-3925 [MEDIUM] SoS vulnerabilities Title: SoS vulnerabilities Summary: sosreport could be made to expose sensitive information or overwrite files as the administrator. Dolev Farhi discovered an information disclosure issue in SoS. If the /etc/fstab file contained passwords, the passwords were included in the SoS report. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-3925) Mateusz Guzik discovered that SoS incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files or gain access to temporary file contents containing sensitive system information. (CVE-2015-7529) Instructions: In general, a standard system update will make all the necessary changes.

CVE-2015-7529 [HIGH] CWE-377 sos: Usage of predictable temporary files allows privilege escalation sos: Usage of predictable temporary files allows privilege escalation sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system. Package: sos (Red Hat Enterprise Linux 5) - Will not fix Package: sos (Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)) - Will not fix Package: sos (Red Hat

CVE-2015-7529 [HIGH] CVE-2015-7529: sosreport - sosreport in SoS 3.x allows local users to obtain sensitive information from sos... sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. Scope: local bookworm: resolved (fixed in 3.2+git276-g7da50d6-3) bullseye: resolved (fixed in 3.2+git276-g7da50d6-3)

CVE-2015-7529 [HIGH] CVE-2015-7529 sos: Usage of predictable temporary files allows privilege escalation [fedora-all] CVE-2015-7529 sos: Usage of predictable temporary files allows privilege escalation [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple sup

CVE-2015-7529 [HIGH] CVE-2015-7529 sos: Usage of predictable temporary files allows privilege escalation CVE-2015-7529 sos: Usage of predictable temporary files allows privilege escalation A vulnerability in sosreport was reported, allowing a privilege escalation to unprivileged attacker on RHEL-6, and change the owner and content of certain files on RHEL-7. sosreport creates temporary directory in /tmp with predictable name sosreport-$hostname-$date with permissions set to 700. Then it creates a tar file with the aforementioned name + .tar suffix. Further it invokes open() with no O_NOFOLLOW nor O_EXCL set, which can be exploited by placing a file or a symlink in its place. Attacker can create his own file to steal the content or can create a symlink to create/modify arbitrary files. On RHEL-7, there is fs.protected_symlinks sysctl provided, which closes this vector. With the setting targ