PT-2014-5690 · Ibm+2 · Powerpc-Utils+2

Publicado

2014-06-17

Atualizado

2025-11-10

CVE-2014-4040

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions powerpc-utils version 1.2.20

Description The issue allows remote attackers to obtain sensitive information by leveraging access to a technical-support data stream, as the snap function in powerpc-utils produces an archive with fstab and yaboot.conf files that might contain cleartext passwords. It lacks a warning about reviewing this archive to detect included passwords.

Recommendations For powerpc-utils version 1.2.20, consider reviewing the archive produced by the snap function to detect any included passwords in the fstab and yaboot.conf files, and take necessary actions to secure sensitive information. As a temporary workaround, restrict access to the technical-support data stream to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

CVE-2014-4040

RHSA-2015:0384

RHSA-2015_0384

SUSE-RU-2015:0574-1

SUSE-SU-2014_1211-1

SUSE-SU-2015:0232-1

SUSE-SU-2015_0232-1

SUSE-SU-2025:21067-1

Produtos afetados

Red Hat

Suse

Powerpc-Utils

PT-2014-5690 · Ibm+2 · Powerpc-Utils+2

CVE-2014-4040

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 26