Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2664

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-2664
Last Modified 21 Aug 2013 11:55:00
Published 29 Jun 2012 03:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2664

Summary

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes.

Vulnerable Systems

Application

  • Redhat Sos 2.2-18


References

XF - sos-anaconda-info-disclosure(76468)

BID - 54116

REDHAT - RHSA-2012:0958

REDHAT - RHSA-2013:1121


Last Updated: 27 May 2016 10:51:38