CVE-2015-3171

Опубликовано: 05 мая 2015

Источник: redhat

CVSS2: 2.1

EPSS Низкий

Описание

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.

Отчет

Not vulnerable. This issue does not affect the version of sos package as shipped with Red Hat Enterprise Linux 5, 6 and 7.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	sos	Not affected
Red Hat Enterprise Linux 6	sos	Not affected
Red Hat Enterprise Linux 7	sos	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-732

https://bugzilla.redhat.com/show_bug.cgi?id=1218658sosreport: temporary file created with world-readable permissions

EPSS

Процентиль: 12%

0.00039

Низкий

2.1 Low

CVSS2

Связанные уязвимости

CVE-2015-3171

CVSS3: 5.5

ubuntu

больше 8 лет назад

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.

CVE-2015-3171

CVSS3: 5.5

nvd

больше 8 лет назад

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.

CVE-2015-3171

CVSS3: 5.5

debian

больше 8 лет назад

sosreport 3.2 uses weak permissions for generated sosreport archives, ...

GHSA-gw46-8559-cggp

CVSS3: 5.5

github

больше 3 лет назад

sosreport sensitive information disclosure via weak permissions of the generated archives

EPSS

Процентиль: 12%

0.00039

Низкий

2.1 Low

CVSS2