RHBA-2014:1200
Vulnerability from csaf_redhat - Published: 2014-09-16 00:17 - Updated: 2025-11-21 17:21Summary
Red Hat Bug Fix Advisory: sos bug fix update
Notes
Topic
The updated sos package that fixes several bugs is now available for Red Hat Enterprise Linux 5.
Details
The sos package contains a set of utilities that gather information from system
hardware, logs, and configuration files. The information can then be used for
diagnostic purposes and debugging.
This update fixes the following bugs:
* Previously, the sosreport utility did not include the output of the "brctl
show" command for all systems. Consequently, information on bridged network
configurations was only available in the report tarball on systems using Xen for
virtualization. With this update, the networking module collects the output of
"brctl show" as well as "brctl showstp" commands for each configured bridge, and
thus bridged network configuration information is now available in the report
tarball for all hosts. (BZ#833406)
* Previous versions of the sosreport utility used the legacy ifconfig command to
detect network interfaces, but ifconfig did not support interfaces named via
biosdevname. As a consequence, no information on biosdevname interfaces was
present in the report tarball. With this update, the sosreport networking
plug-in now uses the "ip" command to detect interfaces of all types, and full
information on biosdevname interfaces is now included. (BZ#980177)
* Previously, the sosreport utility collected the krb5.keytab file from Kerberos
installations. Although encrypted, this file can contain sensitive key material.
With this update, sosreport collects a summary of krb5.keytab using the klist
command but does not collect the krb5.keytab file itself. As a result,
krb5.keytab data is still available but no sensitive information is included in
the report tarball. (BZ#1029017)
* Previously, the sosreport "ds" plug-in collected all directory server logs by
default. Depending on the log configuration, this could lead to very large
report sizes. With this update, sosreport collects by default only the current
version of the directory server logs regarding to "access", "errors" and
"audit", and rotated logs are not collected by default. In addition, the plug-in
now supports an "all_logs" option that can be used to request the old behavior.
As a result, the default report size for directory server hosts is now smaller
and more consistent unless full log data is explicitly requested. (BZ#1086736)
* Prior to this update, the sosreport utility could include password material in
the grub.conf and fstab files collected by the boot loader and file system
plug-ins if present on the collection system. Consequently, passwords, either
plain text or hashed, could be included in the report tarball. With this bug fix
update, password and other secrets are now removed during collection, and
passwords from the fstab or grub.conf files can no longer appear in the report
tarball. (BZ#1107751)
Users of sos are advised to upgrade to this updated package, which fixes these
bugs.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The updated sos package that fixes several bugs is now available for Red Hat Enterprise Linux 5.",
"title": "Topic"
},
{
"category": "general",
"text": "The sos package contains a set of utilities that gather information from system\nhardware, logs, and configuration files. The information can then be used for\ndiagnostic purposes and debugging.\n\nThis update fixes the following bugs:\n\n* Previously, the sosreport utility did not include the output of the \"brctl\nshow\" command for all systems. Consequently, information on bridged network\nconfigurations was only available in the report tarball on systems using Xen for\nvirtualization. With this update, the networking module collects the output of\n\"brctl show\" as well as \"brctl showstp\" commands for each configured bridge, and\nthus bridged network configuration information is now available in the report\ntarball for all hosts. (BZ#833406) \n\n* Previous versions of the sosreport utility used the legacy ifconfig command to\ndetect network interfaces, but ifconfig did not support interfaces named via\nbiosdevname. As a consequence, no information on biosdevname interfaces was\npresent in the report tarball. With this update, the sosreport networking\nplug-in now uses the \"ip\" command to detect interfaces of all types, and full\ninformation on biosdevname interfaces is now included. (BZ#980177) \n\n* Previously, the sosreport utility collected the krb5.keytab file from Kerberos\ninstallations. Although encrypted, this file can contain sensitive key material.\nWith this update, sosreport collects a summary of krb5.keytab using the klist\ncommand but does not collect the krb5.keytab file itself. As a result,\nkrb5.keytab data is still available but no sensitive information is included in\nthe report tarball. (BZ#1029017)\n\n* Previously, the sosreport \"ds\" plug-in collected all directory server logs by\ndefault. Depending on the log configuration, this could lead to very large\nreport sizes. With this update, sosreport collects by default only the current\nversion of the directory server logs regarding to \"access\", \"errors\" and\n\"audit\", and rotated logs are not collected by default. In addition, the plug-in\nnow supports an \"all_logs\" option that can be used to request the old behavior.\nAs a result, the default report size for directory server hosts is now smaller\nand more consistent unless full log data is explicitly requested. (BZ#1086736)\n\n* Prior to this update, the sosreport utility could include password material in\nthe grub.conf and fstab files collected by the boot loader and file system\nplug-ins if present on the collection system. Consequently, passwords, either\nplain text or hashed, could be included in the report tarball. With this bug fix\nupdate, password and other secrets are now removed during collection, and\npasswords from the fstab or grub.conf files can no longer appear in the report\ntarball. (BZ#1107751) \n\nUsers of sos are advised to upgrade to this updated package, which fixes these\nbugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2014:1200",
"url": "https://access.redhat.com/errata/RHBA-2014:1200"
},
{
"category": "external",
"summary": "773350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=773350"
},
{
"category": "external",
"summary": "782588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=782588"
},
{
"category": "external",
"summary": "783423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=783423"
},
{
"category": "external",
"summary": "833406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833406"
},
{
"category": "external",
"summary": "916937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916937"
},
{
"category": "external",
"summary": "1099151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1099151"
},
{
"category": "external",
"summary": "1099520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1099520"
},
{
"category": "external",
"summary": "1107751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107751"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhba-2014_1200.json"
}
],
"title": "Red Hat Bug Fix Advisory: sos bug fix update",
"tracking": {
"current_release_date": "2025-11-21T17:21:00+00:00",
"generator": {
"date": "2025-11-21T17:21:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHBA-2014:1200",
"initial_release_date": "2014-09-16T00:17:05+00:00",
"revision_history": [
{
"date": "2014-09-16T00:17:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-09-16T00:17:05+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:21:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "sos-0:1.7-9.73.el5.src",
"product": {
"name": "sos-0:1.7-9.73.el5.src",
"product_id": "sos-0:1.7-9.73.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sos@1.7-9.73.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "sos-0:1.7-9.73.el5.noarch",
"product": {
"name": "sos-0:1.7-9.73.el5.noarch",
"product_id": "sos-0:1.7-9.73.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sos@1.7-9.73.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sos-0:1.7-9.73.el5.noarch as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:sos-0:1.7-9.73.el5.noarch"
},
"product_reference": "sos-0:1.7-9.73.el5.noarch",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sos-0:1.7-9.73.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:sos-0:1.7-9.73.el5.src"
},
"product_reference": "sos-0:1.7-9.73.el5.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sos-0:1.7-9.73.el5.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:sos-0:1.7-9.73.el5.noarch"
},
"product_reference": "sos-0:1.7-9.73.el5.noarch",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sos-0:1.7-9.73.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:sos-0:1.7-9.73.el5.src"
},
"product_reference": "sos-0:1.7-9.73.el5.src",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-3925",
"discovery_date": "2014-05-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1103324"
}
],
"notes": [
{
"category": "description",
"text": "sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sos: does not indicate data sent is potentially sensitive on Red Hat Enterprise Linux 5",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of sosreport as shipped with Red Hat Enterprise Linux 6.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:sos-0:1.7-9.73.el5.noarch",
"5Client:sos-0:1.7-9.73.el5.src",
"5Server:sos-0:1.7-9.73.el5.noarch",
"5Server:sos-0:1.7-9.73.el5.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3925"
},
{
"category": "external",
"summary": "RHBZ#1103324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103324"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3925",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3925"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3925",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3925"
}
],
"release_date": "2014-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-09-16T00:17:05+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client:sos-0:1.7-9.73.el5.noarch",
"5Client:sos-0:1.7-9.73.el5.src",
"5Server:sos-0:1.7-9.73.el5.noarch",
"5Server:sos-0:1.7-9.73.el5.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2014:1200"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client:sos-0:1.7-9.73.el5.noarch",
"5Client:sos-0:1.7-9.73.el5.src",
"5Server:sos-0:1.7-9.73.el5.noarch",
"5Server:sos-0:1.7-9.73.el5.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "sos: does not indicate data sent is potentially sensitive on Red Hat Enterprise Linux 5"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…