Date: Thu, 29 May 2014 21:03:35 +1000
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords

Good morning,

From <https://bugzilla.redhat.com/show_bug.cgi?id=1102633>:

It was reported that sosreport collected and stored "/etc/fstab" in the resulting archive of debugging information. This may contain plain text passwords (or a link to the file containing them), for example, credentials for Samba mounts. This could leak passwords to an attacker who is able to access the archive. Sensitive information in "/etc/fstab" should be sanitized before being stored by sosreport.

Note that "/etc/fstab" is world-readable, so local attackers should not be a concern (they can read the file anyway). This could be an issue when the sosreport is sent to other parties.

Acknowledgements:

Red Hat would like to thank Dolev Farhi of F5 Networks for reporting this issue.

I think it should have a CVE, but I am less sure due to "/etc/fstab" being world-readable, so I have not assigned one.

Thanks,

--
Murray McAllister / Red Hat Security Response Team
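The sanitization the report asks for, as an added illustration that is not sos's own code: mask the value of secret-bearing mount options (the constructed list below covers the CIFS `password=` and `pass=` options; `credentials=` names a file and its path is not itself a secret, so it is left in place) in the options field of each well-formed fstab entry before the file goes into a support archive. The sample fstab content is constructed for this example.

```python
import re

# Mount options whose value is a secret (constructed list for this example;
# mount.cifs accepts password= and its short form pass=).
SECRET_OPTS = {"password", "pass"}

# A well-formed fstab entry: device, mount point, fstype, options, then the
# optional dump/pass fields. Whitespace is captured so layout is preserved.
_ENTRY = re.compile(r"^(\s*\S+\s+\S+\s+\S+\s+)(\S+)(.*)$")

# Constructed sample: one CIFS mount with an inline password, one with a
# credentials file, one ordinary root filesystem and a comment.
FSTAB_SAMPLE = """\
# /etc/fstab (constructed sample)
UUID=0f1e2d3c-0000-4000-8000-000000000001 / ext4 defaults 1 1
//fileserver/share /mnt/share cifs username=bob,password=hunter2,uid=1000 0 0
//fileserver/backup /mnt/backup cifs credentials=/root/.smbcreds,ro 0 0
"""


def scrub_options(options: str) -> str:
    """Return the comma-separated option string with secret values masked."""
    out = []
    for opt in options.split(","):
        key, sep, _value = opt.partition("=")
        if sep and key.lower() in SECRET_OPTS:
            out.append(f"{key}=********")
        else:
            out.append(opt)
    return ",".join(out)


def scrub_fstab_line(line: str) -> str:
    """Mask secrets in one fstab line; comments and malformed lines pass through."""
    if line.lstrip().startswith("#"):
        return line
    m = _ENTRY.match(line)
    if not m:
        return line
    head, options, tail = m.groups()
    return f"{head}{scrub_options(options)}{tail}"


def scrub_fstab(text: str) -> str:
    """Apply scrub_fstab_line to every line, preserving line structure."""
    return "\n".join(scrub_fstab_line(line) for line in text.split("\n"))


if __name__ == "__main__":
    print(scrub_fstab(FSTAB_SAMPLE))
```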