Date: Thu, 29 May 2014 21:03:35 +1000
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords

Good morning,

From <https://bugzilla.redhat.com/show_bug.cgi?id=1102633>:

It was reported that sosreport collected and stored "/etc/fstab" in the 
resulting archive of debugging information. This may contain plain text 
passwords (or a link to the file containing them), for example, 
credentials for Samba mounts. This could leak passwords to an attacker 
who is able to access the archive. Sensitive information in "/etc/fstab" 
should be sanitized before being stored by sosreport.

Note that "/etc/fstab" is world-readable, so local attackers should not 
be a concern (they can read the file anyway). This could be an issue 
when the sosreport is sent to other parties.

Acknowledgements:

Red Hat would like to thank Dolev Farhi of F5 Networks for reporting 
this issue.

I think it should have a CVE, but I am less sure due to "/etc/fstab" 
being world-readable, so I have not assigned one.

Thanks,

--
Murray McAllister / Red Hat Security Response Team
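The sanitization the report asks for, as an added illustration that is not sos project code: a scrubber that walks a constructed /etc/fstab, redacts the value of password-carrying mount options (assumed here to be `password=` and `pass=`, as used by CIFS mounts) in the options column, and leaves everything else intact so the file keeps its debugging value. A `credentials=` entry is only a path to the secret file, so it stays as it is.

```python
import re

# Constructed sample /etc/fstab: the first Samba mount carries a plaintext
# password in its options field, the second only points at a credentials file.
SAMPLE_FSTAB = """\
# /etc/fstab (constructed example)
UUID=1234-abcd      /           ext4  defaults                                  1 1
//fileserver/share  /mnt/share  cifs  username=backup,password=s3cret,uid=1000  0 0
//fileserver/docs   /mnt/docs   cifs  credentials=/root/.smbcred,ro             0 0
"""

# Mount options whose value is a secret (assumed set; extend as needed).
SECRET_OPTIONS = ("password", "pass")


def scrub_option(opt: str) -> str:
    """Return the option with its value replaced when the key is a secret."""
    key, sep, _value = opt.partition("=")
    if sep and key.lower() in SECRET_OPTIONS:
        return f"{key}=REDACTED"
    return opt


def scrub_fstab_line(line: str) -> str:
    """Scrub the options column (4th whitespace-separated field) of one entry."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return line  # blank lines and comments are passed through untouched
    fields = line.split()
    if len(fields) < 4:
        return line  # malformed entry: nothing we can safely parse
    fields[3] = ",".join(scrub_option(o) for o in fields[3].split(","))
    return "  ".join(fields)


def scrub_fstab(text: str) -> str:
    """Scrub a whole fstab file, preserving line order."""
    return "\n".join(scrub_fstab_line(l) for l in text.splitlines()) + "\n"


def contains_plaintext_password(text: str) -> bool:
    """Check used before archiving: does any options column still carry a
    password value that has not been redacted?"""
    pattern = r"(?im)^\S+\s+\S+\s+\S+\s+\S*\bpass(word)?=(?!REDACTED)"
    return re.search(pattern, text) is not None
```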
