Vulnerability Description
SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sosreport Project | Sosreport | - |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2014/05/27/1
- http://www.securityfocus.com/bid/67634
- https://bugzilla.redhat.com/show_bug.cgi?id=1101393
- http://www.openwall.com/lists/oss-security/2014/05/27/1
- http://www.securityfocus.com/bid/67634
- https://bugzilla.redhat.com/show_bug.cgi?id=1101393
FAQ
What is CVE-2014-0246?
CVE-2014-0246 is a vulnerability with a CVSS score of 4.3 (MEDIUM). SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive.
How severe is CVE-2014-0246?
CVE-2014-0246 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0246?
Check the references section above for vendor advisories and patch information. Affected products include: Sosreport Project Sosreport.