PT-2014-5611 · Red Hat+1 · Red Hat Sos+1

Dolev Farhi · Published 2014-06-01 · Updated 2016-04-06 · CVE-2014-3925

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Red Hat sos versions 1.7 and earlier

Description: The issue concerns the sosreport in Red Hat sos, which generates an archive that may contain cleartext passwords in the fstab file. This archive lacks a warning about reviewing its contents to detect included passwords. As a result, remote attackers might obtain sensitive information by accessing a technical-support data stream.

Recommendations: For Red Hat sos versions 1.7 and earlier, review the archive generated by sosreport for cleartext passwords in the fstab file and remove or secure any sensitive information before sharing the archive. Consider adding a warning to review the archive for included passwords to prevent unintended disclosure of sensitive information.
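
One way to carry out the review described in the recommendation, as an added example that is not part of the advisory or of the sos project: it takes the contents of an fstab file, such as the copy inside an unpacked sosreport archive, and masks cleartext password values before the archive is shared. Treating the "password=" and "pass=" mount options as the secret-bearing ones is an assumption of this example, as are the function name and the constructed sample input.

```python
import re

# Assumption: mount options treated as carrying a cleartext secret.
# "password" and "pass" are the mount.cifs spellings; extend as needed.
SECRET_OPTIONS = {"password", "pass"}
MASK = "********"


def redact_fstab(text):
    """Return (redacted_text, findings) for the contents of an fstab file.

    findings is a list of (line_number, mount_point, option_name) tuples,
    one per secret-bearing option that was masked.
    """
    findings = []
    out_lines = []
    for number, line in enumerate(text.splitlines(), start=1):
        # Split but keep the whitespace runs so untouched columns stay aligned.
        parts = re.split(r"(\s+)", line)
        fields = [i for i, p in enumerate(parts) if p and not p.isspace()]
        is_comment = line.lstrip().startswith("#")
        if is_comment or len(fields) < 4:
            out_lines.append(line)
            continue
        mount_point = parts[fields[1]]
        options = parts[fields[3]].split(",")
        for pos, option in enumerate(options):
            name, sep, value = option.partition("=")
            if sep and value and name.lower() in SECRET_OPTIONS:
                options[pos] = name + "=" + MASK
                findings.append((number, mount_point, name))
        parts[fields[3]] = ",".join(options)
        out_lines.append("".join(parts))
    return "\n".join(out_lines) + "\n", findings


# Constructed sample input: not taken from a real system.
SAMPLE_FSTAB = """\
# /etc/fstab
/dev/sda1  /        ext4  defaults  0 1
//files.example.test/share  /mnt/share  cifs  username=backup,password=S3cret!,uid=1000  0 0
//files.example.test/home   /mnt/home   cifs  credentials=/root/.smbcred,_netdev  0 0
"""

if __name__ == "__main__":
    redacted, hits = redact_fstab(SAMPLE_FSTAB)
    for number, mount_point, name in hits:
        print(f"fstab line {number}: masked '{name}' on {mount_point}")
    print(redacted, end="")
```

The findings list is worth keeping even after masking: any password it reports has already been written into an archive and should be treated as exposed if that archive was shared.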

Fix

Weakness Enumeration

Related identifiers

CVE-2014-3925
USN-2845-1

Affected products

Red Hat Sos
Ubuntu