CVE-2014-0246 - SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local user

CVE-2014-0246

Summary

SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive.

References

http://www.openwall.com/lists/oss-security/2014/05/27/1
http://www.securityfocus.com/bid/67634
https://bugzilla.redhat.com/show_bug.cgi?id=1101393

Vulnerable Configurations

cpe:2.3:a:sosreport_project:sosreport:-:*:*:*:*:*:*:*
cpe:2.3:a:sosreport_project:sosreport:-:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 30-05-2014 - 13:59)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

refmap via4

bid	67634
confirm	https://bugzilla.redhat.com/show_bug.cgi?id=1101393
mlist	[oss-security] 20140527 CVE-2014-0246 sos: md5 hash of GRUB password collected when running sosreport

Last major update

30-05-2014 - 13:59

Published

29-05-2014 - 14:19

Last modified

30-05-2014 - 13:59