CVE-2014-3925

Name: CVE-2014-3925
Description: sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| sosreport (PTS) | jessie | 3.2-2 | fixed |
| | stretch | 3.3+git50-g3c0349b-2 | fixed |
| | buster | 3.6-1 | fixed |
| | bullseye, bookworm | 4.0-2 | fixed |
| | sid, trixie | 4.8.1-2 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| sosreport | source | (unstable) | (not affected) | | | |

Notes

- sosreport <not-affected> (RedHat-specific issue)
