ID CVE-2012-2664
Summary The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes.
References
Vulnerable Configurations
  • Red Hat sos package 2.2-18
    cpe:2.3:a:redhat:sos:2.2-18
CVSS
Base: 4.3 (as of 02-07-2012 - 10:14)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1121.NASL
    description An updated sos package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file ('/root/anaconda-ks.cfg'), but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. '/root/anaconda-ks.cfg' usually only contains a hash of the password, not the plain text password. (CVE-2012-2664) Note: This issue affected all installations, not only systems installed via Kickstart. A '/root/anaconda-ks.cfg' file is created by all installation types. The utility also collects yum repository information from '/etc/yum.repos.d' which in uncommon configurations may contain passwords. Any http_proxy password specified in these files will now be automatically removed. Passwords embedded within URLs in these files should be manually removed or the files excluded from the archive. All users of sos are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 69144
    published 2013-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69144
    title CentOS 5 : sos (CESA-2013:1121)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1121.NASL
    description An updated sos package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file ('/root/anaconda-ks.cfg'), but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. '/root/anaconda-ks.cfg' usually only contains a hash of the password, not the plain text password. (CVE-2012-2664) Note: This issue affected all installations, not only systems installed via Kickstart. A '/root/anaconda-ks.cfg' file is created by all installation types. The utility also collects yum repository information from '/etc/yum.repos.d' which in uncommon configurations may contain passwords. Any http_proxy password specified in these files will now be automatically removed. Passwords embedded within URLs in these files should be manually removed or the files excluded from the archive. All users of sos are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 69162
    published 2013-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69162
    title RHEL 5 : sos (RHSA-2013:1121)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130730_SOS_ON_SL5_X.NASL
    description The sosreport utility collected the Kickstart configuration file ('/root /anaconda-ks.cfg'), but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. '/root/anaconda-ks.cfg' usually only contains a hash of the password, not the plain text password. (CVE-2012-2664) Note: This issue affected all installations, not only systems installed via Kickstart. A '/root/anaconda-ks.cfg' file is created by all installation types. The utility also collects yum repository information from '/etc/yum.repos.d' which in uncommon configurations may contain passwords. Any http_proxy password specified in these files will now be automatically removed. Passwords embedded within URLs in these files should be manually removed or the files excluded from the archive.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 69167
    published 2013-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69167
    title Scientific Linux Security Update : sos on SL5.x (noarch)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0958.NASL
    description An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file ('/root/anaconda-ks.cfg'), but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. '/root/anaconda-ks.cfg' usually only contains a hash of the password, not the plain text password. (CVE-2012-2664) Note: This issue affected all installations, not only systems installed via Kickstart. A '/root/anaconda-ks.cfg' file is created by all installation types. This updated sos package also includes numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes. All users of sos are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 59598
    published 2012-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59598
    title RHEL 6 : sos (RHSA-2012:0958)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1121.NASL
    description From Red Hat Security Advisory 2013:1121 : An updated sos package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file ('/root/anaconda-ks.cfg'), but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. '/root/anaconda-ks.cfg' usually only contains a hash of the password, not the plain text password. (CVE-2012-2664) Note: This issue affected all installations, not only systems installed via Kickstart. A '/root/anaconda-ks.cfg' file is created by all installation types. The utility also collects yum repository information from '/etc/yum.repos.d' which in uncommon configurations may contain passwords. Any http_proxy password specified in these files will now be automatically removed. Passwords embedded within URLs in these files should be manually removed or the files excluded from the archive. All users of sos are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2016-05-06
    plugin id 69159
    published 2013-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69159
    title Oracle Linux 5 : sos (ELSA-2013-1121)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120620_SOS_ON_SL6.NASL
    description The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file ('/root/anaconda-ks.cfg'), but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. '/root/anaconda-ks.cfg' usually only contains a hash of the password, not the plain text password. (CVE-2012-2664) Note: This issue affected all installations, not only systems installed via Kickstart. A '/root/anaconda-ks.cfg' file is created by all installation types. This updated sos package also includes numerous bug fixes and enhancements. All users of sos are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61350
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61350
    title Scientific Linux Security Update : sos on SL6.x
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0958.NASL
    description From Red Hat Security Advisory 2012:0958 : An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file ('/root/anaconda-ks.cfg'), but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. '/root/anaconda-ks.cfg' usually only contains a hash of the password, not the plain text password. (CVE-2012-2664) Note: This issue affected all installations, not only systems installed via Kickstart. A '/root/anaconda-ks.cfg' file is created by all installation types. This updated sos package also includes numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes. All users of sos are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68562
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68562
    title Oracle Linux 6 : sos (ELSA-2012-0958)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0958.NASL
    description An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file ('/root/anaconda-ks.cfg'), but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. '/root/anaconda-ks.cfg' usually only contains a hash of the password, not the plain text password. (CVE-2012-2664) Note: This issue affected all installations, not only systems installed via Kickstart. A '/root/anaconda-ks.cfg' file is created by all installation types. This updated sos package also includes numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes. All users of sos are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59933
    published 2012-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59933
    title CentOS 6 : sos (CESA-2012:0958)
redhat via4
advisories
  • bugzilla
    id 826884
    title CVE-2012-2664 sosreport does not blank root password in anaconda plugin
    oval
    AND
    • comment sos is earlier than 0:2.2-29.el6
      oval oval:com.redhat.rhsa:tst:20120958005
    • comment sos is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20111536006
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    rhsa
    id RHSA-2012:0958
    released 2012-06-20
    severity Low
    title RHSA-2012:0958: sos security, bug fix, and enhancement update (Low)
  • bugzilla
    id 965807
    title sosreport does not blankout password in anaconda-ks.cfg and yum.repo
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • comment sos is earlier than 0:1.7-9.62.el5_9.1
      oval oval:com.redhat.rhsa:tst:20131121002
    • comment sos is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhba:tst:20141200003
    rhsa
    id RHSA-2013:1121
    released 2013-07-30
    severity Low
    title RHSA-2013:1121: sos security update (Low)
rpms
  • sos-0:2.2-29.el6
  • sos-0:1.7-9.62.el5_9.1
refmap via4
bid 54116
confirm http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
xf sos-anaconda-info-disclosure(76468)
Last major update 08-09-2016 - 21:59
Published 29-06-2012 - 15:55
Last modified 28-08-2017 - 21:31
Back to Top