Bug 1633243 (CVE-2018-14650) - CVE-2018-14650 sos-collector: incorrect permissions set on newly created files
Summary: CVE-2018-14650 sos-collector: incorrect permissions set on newly created files
Alias: CVE-2018-14650
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1633659 1633666 1644776
Blocks: 1610988 1633248
TreeView+ depends on / blocked
Reported: 2018-09-26 13:47 UTC by Riccardo Schirone
Modified: 2019-09-29 14:59 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: ---
Doc Text:
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.
Clone Of:
Last Closed: 2019-06-10 10:38:50 UTC

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:3663 None None None 2018-11-27 01:19:43 UTC

Description Riccardo Schirone 2018-09-26 13:47:24 UTC
sos-collector does not set any permission when creating new files, thus the default umask is used, making all newly created files readable by all local users. Given the delicacy of the data collected by sos-collector, all files created by the tool, including the sos-reports collected from the cluster machines, should be accessible only the to current user. A local attacker can use this flaw to read sensitive information collected from other machines when a legit user runs sos-collector.

Upstream patch:

Comment 3 Riccardo Schirone 2018-09-26 14:47:28 UTC

Name: Riccardo Schirone (Red Hat Product Security)

Comment 4 Riccardo Schirone 2018-09-27 13:31:46 UTC
Created sos-collector tracking bugs for this issue:

Affects: fedora-all [bug 1633659]

Comment 7 errata-xmlrpc 2018-11-27 01:19:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3663 https://access.redhat.com/errata/RHSA-2018:3663

Note You need to log in before you can comment on or make changes to this bug.