Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 19 Jul 2014 19:09:06 +0300
From: "Dolev Farhi" <dolevf@...oo.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE's for intersection vulnerabilities

On Sat, 19 Jul 2014 14:32:50 +0300, intrigeri <intrigeri@...m.org> wrote:

> Hi,
>
> Kurt Seifried wrote (19 Jul 2014 00:33:38 GMT) :
>> So long story short: we have a program called sosreport that is used
>> to send system information back to Red Hat so we can help customers
>> troubleshoot their problems. It would appear we have three main
>> classes of (potential) security vulnerabilities:
>
> The severity of these potential vulnerabilities may partly depend on
> how well sosreport authenticates the server it sends information to.
>
> Cheers,
> --
> intrigeri


Just wanna mention that sosreport is used by many companies other than red  
hat (e.g. a company may ask for an sosreport from their customers), i know  
that we use it to get environment data from customers.


-- 



/df

---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ