Vulnerability Description
The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes.
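An added example (not code from the sos project or from this advisory) of auditing an existing sosreport archive for the leak described above: it flags every `rootpw` line in `anaconda-ks.cfg` that still carries a plaintext password or a hash. The function names, the redaction marker and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import tarfile

KS_NAME = "anaconda-ks.cfg"   # Kickstart file named in the CVE description
MARKER = "********"           # assumed redaction marker, not taken from sos
ROOTPW_RE = re.compile(r"^([ \t]*rootpw\b)[ \t]*(.*)$", re.MULTILINE)

def classify(args):
    """Classify the arguments of a Kickstart rootpw line."""
    tokens = args.split()
    values = [t for t in tokens if not t.startswith("--")]
    if not values or set(values[0]) == {"*"}:
        return "clean"        # locked, empty, or already redacted
    if "--iscrypted" in tokens or values[0].startswith("$"):
        return "hash"
    return "plaintext"

def redact(text):
    """Replace the arguments of every rootpw line with the marker."""
    return ROOTPW_RE.sub(lambda m: f"{m.group(1)} {MARKER}", text)

def audit(fileobj):
    """Return (member, kind) for each rootpw line that still exposes a secret."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile() or member.name.rsplit("/", 1)[-1] != KS_NAME:
                continue
            text = tar.extractfile(member).read().decode("utf-8", "replace")
            kinds = (classify(m.group(2)) for m in ROOTPW_RE.finditer(text))
            findings += [(member.name, k) for k in kinds if k != "clean"]
    return findings

def build_sample(files):
    """Build an in-memory tar.gz from {name: text}; constructed test data."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, text in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(text.encode())
            tar.addfile(info, io.BytesIO(text.encode()))
    return io.BytesIO(buf.getvalue())

# Constructed Kickstart content; the hash is a made-up placeholder.
SAMPLE_KS = "install\nrootpw --iscrypted $6$EXAMPLESALT$notarealhash\ntimezone UTC\n"

if __name__ == "__main__":
    print(audit(build_sample({"sosreport-host/root/anaconda-ks.cfg": SAMPLE_KS})))
```

To check a real archive, pass `audit()` a file opened in binary mode; any finding means the root password behind that archive should be rotated.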
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Sos | <= 2.2-18 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2012-0958.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-1121.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htm
- http://www.securityfocus.com/bid/54116
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76468
FAQ
What is CVE-2012-2664?
CVE-2012-2664 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive...
How severe is CVE-2012-2664?
CVE-2012-2664 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2664?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Sos.