RSS   Vulnerabilities for 'SOS'   RSS

2017-11-06
 
CVE-2015-7529

CWE-59
 

 
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.

 
2017-07-25
 
CVE-2015-3171

 

 
sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.

 


Copyright 2024, cxsecurity.com

 

Back to Top