Bug 160836 - RedHat Linux Sysreport Proxy Information Disclosure
RedHat Linux Sysreport Proxy Information Disclosure
Status: CLOSED DEFERRED
Product: Fedora Legacy
Classification: Retired
Component: sysreport (Show other bugs)
unspecified
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
http://rhn.redhat.com/errata/RHSA-200...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-06-17 14:53 EDT by John Dalbec
Modified: 2007-04-18 13:28 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-08-13 10:28:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description John Dalbec 2005-06-17 14:53:19 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20050519 Netscape/8.0.1

Description of problem:
05.24.17 CVE: CAN-2005-1760
Platform: Linux
Title: RedHat Linux Sysreport Proxy Information Disclosure
Description: up2date is the RedHat Update Agent software that allows
users to download official updates and fixes. Sysreport is a utility
designed to collect system information. Proxy authentication
information is stored in the up2date configuration file
"/etc/sysconfig/rhn/up2date". When sysreport executes, it discloses
the contents of this file, including proxy authentication usernames
and passwords. All unpatched versions are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2005-502.html 

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:
Comment 1 Jesse Keating 2006-08-13 10:28:11 EDT
We don't support up2date, and never ask for sysreport information.  Closing
deferred.

Note You need to log in before you can comment on or make changes to this bug.