Date: Thu, 29 May 2014 21:03:35 +1000
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords

Good morning,

From <https://bugzilla.redhat.com/show_bug.cgi?id=1102633>:

It was reported that sosreport collected and stored "/etc/fstab" in the resulting archive of debugging information. This may contain plain text passwords (or a link to the file containing them), for example, credentials for Samba mounts. This could leak passwords to an attacker who is able to access the archive. Sensitive information in "/etc/fstab" should be sanitized before being stored by sosreport.

Note that "/etc/fstab" is world-readable, so local attackers should not be a concern (they can read the file anyway). This could be an issue when the sosreport is sent to other parties.

Acknowledgements:

Red Hat would like to thank Dolev Farhi of F5 Networks for reporting this issue.

I think it should have a CVE, but I am less sure due to "/etc/fstab" being world-readable, so I have not assigned one.

Thanks,

--
Murray McAllister / Red Hat Security Response Team
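The sanitization the report calls for, as an added illustration that is not sos's own code: mask the secret-bearing mount options in the fourth fstab field before the file is archived. The option names treated as secrets, and the legacy `user=name%password` form, are assumptions for this example; the fstab content is constructed.

```python
import re

# Mount option names whose values are secrets (cifs/smb credentials and similar).
# This list is an assumption for the example, not sos's own logic.
SECRET_OPTS = ("password", "pass", "passwd", "credentials", "cred")

def _mask_opts(opts: str) -> str:
    """Mask secret values inside a comma-separated mount-option list."""
    masked = []
    for opt in opts.split(","):
        name, sep, value = opt.partition("=")
        key = name.lower()
        if sep and key in SECRET_OPTS:
            masked.append(f"{name}=********")
        elif sep and key in ("user", "username") and "%" in value:
            # Older mount.cifs accepted user=name%password: keep the name only.
            masked.append(f"{name}={value.split('%', 1)[0]}%********")
        else:
            masked.append(opt)
    return ",".join(masked)

def sanitize_fstab_line(line: str) -> str:
    """Return the line with secrets in the options field masked.
    Comments, blank lines and lines with fewer than four fields pass through."""
    if not line.strip() or line.lstrip().startswith("#"):
        return line
    parts = re.split(r"(\s+)", line)          # keep whitespace so layout survives
    fields = [i for i, p in enumerate(parts) if p and not p.isspace()]
    if len(fields) < 4:
        return line
    parts[fields[3]] = _mask_opts(parts[fields[3]])
    return "".join(parts)

def sanitize_fstab(text: str) -> str:
    """Sanitize a whole fstab file's contents, line by line."""
    return "\n".join(sanitize_fstab_line(l) for l in text.split("\n"))

# Constructed sample fstab, not taken from any real host.
SAMPLE_FSTAB = """\
# constructed sample
UUID=1234-ABCD  /       ext4  defaults        1 1
//fileserver/share  /mnt/share  cifs  username=svc,password=Hunter2,uid=1000  0 0
//fileserver/priv   /mnt/priv   cifs  credentials=/root/.smbcred,user=bob%S3cret  0 0
"""

if __name__ == "__main__":
    print(sanitize_fstab(SAMPLE_FSTAB))
```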