CVE-2012-2664

Name of the Vulnerable Software and Affected Versions sos package versions prior to 2.2-29

Description The issue concerns the sosreport utility in the sos package, which does not properly remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information. This could allow attackers to obtain passwords or password hashes. The exploitation of this issue can be done remotely.

Recommendations For versions prior to 2.2-29, update the sos package to version 2.2-29 or later to resolve the issue. As a temporary workaround, consider manually removing the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) before creating an archive of debugging information.