Executive Summary
Summary | |
---|---|
Title | sysreport security update |
Informations | |||
---|---|---|---|
Name | RHSA-2005:598 | First vendor Publication | 2005-08-09 |
Vendor | RedHat | Last vendor Modification | 2005-08-09 |
Severity (Vendor) | Low | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated sysreport package that fixes an insecure temporary file flaw is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - noarch Red Hat Linux Advanced Workstation 2.1 - noarch Red Hat Enterprise Linux ES version 2.1 - noarch Red Hat Enterprise Linux WS version 2.1 - noarch Red Hat Enterprise Linux AS version 3 - noarch Red Hat Desktop version 3 - noarch Red Hat Enterprise Linux ES version 3 - noarch Red Hat Enterprise Linux WS version 3 - noarch Red Hat Enterprise Linux AS version 4 - noarch Red Hat Enterprise Linux Desktop version 4 - noarch Red Hat Enterprise Linux ES version 4 - noarch Red Hat Enterprise Linux WS version 4 - noarch 3. Problem description: Sysreport is a utility that gathers information about a system's hardware and configuration. The information can then be used for diagnostic purposes and debugging. Bill Stearns discovered a bug in the way sysreport creates temporary files. It is possible that a local attacker could obtain sensitive information about the system when sysreport is run. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2104 to this issue. Users of sysreport should update to this erratum package, which contains a patch that resolves this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 162978 - CAN-2005-2104 sysreport insecure temporary directory usage |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2005-598.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9411 | |||
Oval ID: | oval:org.mitre.oval:def:9411 | ||
Title: | sysreport before 1.3.7 allows local users to obtain sensitive information via a symlink attack on a temporary directory. | ||
Description: | sysreport before 1.3.7 allows local users to obtain sensitive information via a symlink attack on a temporary directory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2104 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
18682 | Linux sysreport Insecure Temporary File Information Disclosure |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-598.nasl - Type : ACT_GATHER_INFO |
2005-11-15 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1071.nasl - Type : ACT_GATHER_INFO |
2005-11-15 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1072.nasl - Type : ACT_GATHER_INFO |
2005-08-10 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-598.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:49:32 |
|