Vulnerability CVE-2011-4083


Published: 2014-02-17

Description:
The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive information by reading the archive.

Type:
CWE-310 (Cryptographic Issues)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software
Redhat -> SOS 

 References:
http://rhn.redhat.com/errata/RHSA-2012-0153.html
http://rhn.redhat.com/errata/RHSA-2011-1536.html

Copyright 2024, cxsecurity.com
