oss-sec mailing list archives
CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords
From: Murray McAllister <mmcallis () redhat com>
Date: Thu, 29 May 2014 21:03:35 +1000
Good morning,

From <https://bugzilla.redhat.com/show_bug.cgi?id=1102633>:

It was reported that sosreport collected and stored "/etc/fstab" in the resulting archive of debugging information. This may contain plain text passwords (or a link to the file containing them), for example, credentials for Samba mounts. This could leak passwords to an attacker who is able to access the archive. Sensitive information in "/etc/fstab" should be sanitized before being stored by sosreport.
Note that "/etc/fstab" is world-readable, so local attackers should not be a concern (they can read the file anyway). This could be an issue when the sosreport is sent to other parties.
Acknowledgements:

Red Hat would like to thank Dolev Farhi of F5 Networks for reporting this issue.
I think it should have a CVE, but I am less sure due to "/etc/fstab" being world-readable, so I have not assigned one.
Thanks,

--
Murray McAllister / Red Hat Security Response Team
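One way to do the sanitization the report asks for, as an added example that is not part of the original message and is not sos's own code: it masks inline password options in fstab entries, including commented-out ones, and returns the credential files an entry points to so they can be kept out of the archive. The option names, the function names and the sample fstab are assumptions constructed for illustration.

```python
import re

# Assumed option names for this example: inline secrets and pointers to
# credential files, as used by CIFS/SMB mounts.
SECRET_KEYS = {"password", "pass", "passwd"}
CRED_FILE_KEYS = {"credentials", "cred"}
MASK = "********"

# fstab(5): fs_spec fs_file fs_vfstype fs_mntops [fs_freq fs_passno]
ENTRY = re.compile(r"^(\s*\S+\s+\S+\s+\S+\s+)(\S+)(.*)$", re.S)
# Fallback for commented-out entries, which are not parsed as fields.
INLINE = re.compile(r"(?i)\b(password|passwd|pass)=[^,\s]+")

def scrub_options(opts, cred_files):
    """Mask secret values in a comma-separated mount option string."""
    cleaned = []
    for opt in opts.split(","):
        key, sep, value = opt.partition("=")
        if sep and key.lower() in SECRET_KEYS:
            opt = f"{key}={MASK}"
        elif sep and key.lower() in CRED_FILE_KEYS:
            cred_files.append(value)  # path is kept; the file itself must not be collected
        cleaned.append(opt)
    return ",".join(cleaned)

def scrub_fstab(text):
    """Return (sanitized fstab text, credential file paths it references)."""
    out, cred_files = [], []
    for line in text.splitlines(keepends=True):
        entry = ENTRY.match(line)
        if line.lstrip().startswith("#") or not entry:
            out.append(INLINE.sub(lambda m: f"{m.group(1)}={MASK}", line))
            continue
        head, opts, tail = entry.groups()
        out.append(head + scrub_options(opts, cred_files) + tail)
    return "".join(out), cred_files

# Constructed sample input, not taken from any real system.
SAMPLE = """\
UUID=0a1b2c3d / ext4 defaults 1 1
//fs01.example/share /mnt/share cifs username=svc,password=Hunter2!,uid=1000 0 0
//fs01.example/hr /mnt/hr cifs credentials=/root/.smbcred,ro 0 0
# //old.example/tmp /mnt/tmp cifs user=bob,pass=letmein 0 0
"""

if __name__ == "__main__":
    sanitized, files = scrub_fstab(SAMPLE)
    print(sanitized, end="")
    print("credential files referenced:", files)
```

Only the fourth field of an active entry is rewritten, so a device spec such as `UUID=...` is left intact and the rest of the line keeps its original spacing.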