Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2664


Vulnerability Score 4.3 4.3
CVE Id CVE-2012-2664
Last Modified 21 Aug 2013 11:55:00
Published 29 Jun 2012 03:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes.

Vulnerable Systems


  • Redhat Sos 2.2-18


XF - sos-anaconda-info-disclosure(76468)

BID - 54116

REDHAT - RHSA-2012:0958

REDHAT - RHSA-2013:1121

Last Updated: 27 May 2016 10:51:38