CVE-2012-2664 - OpenCVE

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Sos

Configuration 1 [-]

cpe:2.3:a:redhat:sos:*:*:*:*:*:*:*:*

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2012-0958.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-1121.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/54116
https://exchange.xforce.ibmcloud.com/vulnerabilities/76468

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-06-29T19:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2012-05-14T00:00:00

Link: CVE-2012-2664

JSON object: View

NVD Information

Status : Modified

Published: 2012-06-29T19:55:03.797

Modified: 2017-08-29T01:31:38.697

Link: CVE-2012-2664

JSON object: View

Redhat Information

No data.

CWE

CWE-255

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:sos:*:*:*:*:*:*:*:*", "matchCriteriaId": "145DE1D0-7982-4A90-8183-0D7F4670A614", "versionEndIncluding": "2.2-18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes."}, {"lang": "es", "value": "La utilidad sosreport del paquete sos de Red Hat anteriores a 2.2-29 no elimina informaci\u00f3n de la contrase\u00f1a del usuario administrador del archivo de configuraci\u00f3n Kickstart (/root/anaconda-ks.cfg) cuando se crea un archivo con informaci\u00f3n de configuraci\u00f3n, lo que puede permitir a atacantes obtener contrase\u00f1as o hashes de contrase\u00f1as."}], "id": "CVE-2012-2664", "lastModified": "2017-08-29T01:31:38.697", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-06-29T19:55:03.797", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0958.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1121.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/54116"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76468"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}