Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 29 May 2014 21:03:35 +1000
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: sos: /etc/fstab collected by sosreport, possibly containing
 passwords

Good morning,

 From <https://bugzilla.redhat.com/show_bug.cgi?id=1102633>:

It was reported that sosreport collected and stored "/etc/fstab" in the 
resulting archive of debugging information. This may contain plain text 
passwords (or a link to the file containing them), for example, 
credentials for Samba mounts. This could leak passwords to an attacker 
who is able to access the archive. Sensitive information in "/etc/fstab" 
should be sanitized before being stored by sosreport.

Note that "/etc/fstab" is world-readable, so local attackers should not 
be a concern (they can read the file anyway). This could be an issue 
when the sosreport is sent to other parties.

Acknowledgements:

Red Hat would like to thank Dolev Farhi of F5 Networks for reporting 
this issue.

I think it should have a CVE, but I am less sure due to "/etc/fstab" 
being world-readable, so I have not assigned one.

Thanks,

--
Murray McAllister / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.