PT-2014-2156 · Red Hat · Sos+1

Published: 2011-12-05 · Updated: 2014-02-19 · CVE-2011-4083

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat sos package versions prior to 1.7-9
Red Hat sos package versions 2.x prior to 2.2-17

Description

The sosreport utility includes sensitive information, such as certificate-based Red Hat Network private entitlement keys and the private key for the entitlement, in an archive of debugging information. This could allow remote attackers to obtain sensitive information by reading the archive.

Recommendations

For Red Hat sos package versions prior to 1.7-9, update to version 1.7-9 or later.
For Red Hat sos package versions 2.x prior to 2.2-17, update to version 2.2-17 or later.

Fix

Weakness Enumeration

Related Identifiers

CVE-2011-4083
RHSA-2011:1536
RHSA-2011_1536
RHSA-2012:0153
RHSA-2012_0153

Affected Products

Red Hat
Sos