CVE-2015-7529

Name of the Vulnerable Software and Affected Versions SoS versions 3.x

Description The issue allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.

Recommendations For SoS version 3.x, consider restricting access to the temporary directory where sosreport files are stored to minimize the risk of exploitation. As a temporary workaround, avoid using the sosreport feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.