ID |
CVE-2011-4083
|
Summary |
The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive information by reading the archive. |
References |
|
Vulnerable Configurations |
- cpe:2.3:a:redhat:sos:2.2-3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:sos:2.2-6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:sos:2.2-7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:sos:2.2-8:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:sos:2.2-9:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:sos:2.2-10:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:sos:2.2-11:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:sos:2.2-14:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:sos:2.2-15:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:sos:2.2-16:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:sos:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:sos:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:sos:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:sos:1.7-8:*:*:*:*:*:*:*
|
CVSS |
Base: | 4.3 (as of 19-02-2014 - 00:40) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-310 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK | MEDIUM | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL | NONE | NONE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
redhat
via4
|
advisories | bugzilla | id | 749383 | title | CVE-2011-4083 sos: sosreport is gathering certificate-based RHN entitlement private keys |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 6 is installed | oval | oval:com.redhat.rhba:tst:20111656003 |
comment | sos is earlier than 0:2.2-17.el6 | oval | oval:com.redhat.rhsa:tst:20111536001 |
comment | sos is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20111536002 |
|
|
| rhsa | id | RHSA-2011:1536 | released | 2011-12-05 | severity | Low | title | RHSA-2011:1536: sos security, bug fix, and enhancement update (Low) |
|
bugzilla | id | 750573 | title | sosreport cluster modules fail with badly formed cluster.conf |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 5 is installed | oval | oval:com.redhat.rhba:tst:20070331005 |
comment | sos is earlier than 0:1.7-9.62.el5 | oval | oval:com.redhat.rhsa:tst:20120153001 |
comment | sos is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhba:tst:20141200002 |
|
|
| rhsa | id | RHSA-2012:0153 | released | 2012-02-21 | severity | Low | title | RHSA-2012:0153: sos security, bug fix, and enhancement update (Low) |
|
| rpms | - sos-0:2.2-17.el6
- sos-0:1.7-9.62.el5
|
|
refmap
via4
|
|
Last major update |
19-02-2014 - 00:40 |
Published |
17-02-2014 - 16:55 |
Last modified |
19-02-2014 - 00:40 |