Date: Sat, 19 Jul 2014 19:09:06 +0300 From: "Dolev Farhi" <dolevf@...oo.com> To: oss-security@...ts.openwall.com Subject: Re: CVE's for intersection vulnerabilities On Sat, 19 Jul 2014 14:32:50 +0300, intrigeri <intrigeri@...m.org> wrote: > Hi, > > Kurt Seifried wrote (19 Jul 2014 00:33:38 GMT) : >> So long story short: we have a program called sosreport that is used >> to send system information back to Red Hat so we can help customers >> troubleshoot their problems. It would appear we have three main >> classes of (potential) security vulnerabilities: > > The severity of these potential vulnerabilities may partly depend on > how well sosreport authenticates the server it sends information to. > > Cheers, > -- > intrigeri Just wanna mention that sosreport is used by many companies other than red hat (e.g. a company may ask for an sosreport from their customers), i know that we use it to get environment data from customers. -- /df --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ