CVE-2015-3171 - OpenCVE

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Sos Project	Sos

Configuration 1 [-]

cpe:2.3:a:sos_project:sos:3.2:-:*:*:*:*:*:*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1218658	Issue Tracking Patch Third Party Advisory
https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6	Issue Tracking Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2017-07-25T18:00:00

Updated: 2017-07-25T17:57:01

Reserved: 2015-04-10T00:00:00

Link: CVE-2015-3171

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-07-25T18:29:00.417

Modified: 2019-12-11T20:59:57.143

Link: CVE-2015-3171

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sos_project:sos:3.2:-:*:*:*:*:*:*", "matchCriteriaId": "B133A5FC-FC48-413B-82C0-36E646143E54", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive."}, {"lang": "es", "value": "sosreport versi\u00f3n 3.2, utiliza permisos d\u00e9biles para los archivos de sosreport generados, lo que permite a los usuarios locales con acceso a /var/tmp/ obtener informaci\u00f3n confidencial mediante la lectura del contenido del archivo."}], "id": "CVE-2015-3171", "lastModified": "2019-12-11T20:59:57.143", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-25T18:29:00.417", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218658"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}