PT-2014-5690 · Ibm+2 · Powerpc-Utils+2

Published: 2014-06-17 · Updated: 2025-11-10 · CVE-2014-4040

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

powerpc-utils version 1.2.20

Description

The issue allows remote attackers to obtain sensitive information by leveraging access to a technical-support data stream, because the snap function in powerpc-utils produces an archive with fstab and yaboot.conf files that might contain cleartext passwords. The tool lacks a warning about reviewing this archive to detect included passwords.

Recommendations

For powerpc-utils version 1.2.20, consider reviewing the archive produced by the snap function to detect any included passwords in the fstab and yaboot.conf files, and take the necessary actions to secure sensitive information. As a temporary workaround, restrict access to the technical-support data stream to minimize the risk of exploitation.
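One way to carry out the archive review recommended above before a snap archive leaves the host. This is an added example, not code from powerpc-utils or from this advisory; the password patterns, the function names and the sample archive layout are assumptions, and the sample data is constructed.

```python
import io
import re
import tarfile

# Files the advisory names as possible carriers of cleartext passwords.
SENSITIVE_NAMES = {"fstab", "yaboot.conf"}
# Assumed patterns: "password=" (yaboot.conf), "password="/"pass=" mount options (fstab).
SECRET_RE = re.compile(r"(?<![\w-])(password|pass)\s*=\s*\S", re.IGNORECASE)


def find_password_lines(archive):
    """Return (member, line_no, key) tuples; the secret value is never returned."""
    kwargs = {"name": archive} if isinstance(archive, str) else {"fileobj": archive}
    findings = []
    with tarfile.open(mode="r:*", **kwargs) as tar:
        for member in tar:
            base = member.name.rsplit("/", 1)[-1]
            if not member.isfile() or base not in SENSITIVE_NAMES:
                continue
            text = tar.extractfile(member).read().decode("utf-8", "replace")
            for line_no, line in enumerate(text.splitlines(), 1):
                if line.lstrip().startswith("#"):
                    continue  # commented-out entry
                for m in SECRET_RE.finditer(line):
                    findings.append((member.name, line_no, m.group(1).lower()))
    return findings


def build_sample_archive():
    """Constructed sample input (not real snap output): an in-memory tar.gz."""
    files = {
        "sample/etc/fstab": "/dev/sda2 / ext4 defaults 1 1\n"
        "//nas/share /mnt/nas cifs username=ops,password=EXAMPLE-ONLY 0 0\n",
        "sample/etc/yaboot.conf": "boot=/dev/sda1\n# password=old\n"
        "password=EXAMPLE-ONLY\nimage=/vmlinux\n",
        "sample/etc/hosts": "127.0.0.1 localhost password=ignored\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body.encode())
            tar.addfile(info, io.BytesIO(body.encode()))
    return io.BytesIO(buf.getvalue())


if __name__ == "__main__":
    for member, line_no, key in find_password_lines(build_sample_archive()):
        print(f"{member}:{line_no}: contains '{key}=' (review before sending)")
```

`find_password_lines` also accepts a filesystem path to the archive; a non-empty result means the flagged lines should be redacted or the credentials rotated before the archive is shared.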

Related Identifiers

CVE-2014-4040
RHSA-2015:0384
RHSA-2015_0384
SUSE-RU-2015:0574-1
SUSE-SU-2014_1211-1
SUSE-SU-2015:0232-1
SUSE-SU-2015_0232-1
SUSE-SU-2025:21067-1

Affected Products

Red Hat
Suse
Powerpc-Utils