The CVE identifier of CVE-2011-4083 has been assigned to this issue.
An information disclosure flaw was found in the way the sosreport utility of SOS, a set of system support tools, retrieved debugging information for the system, intended to be compressed and sent to a technical support representative. Due to a bug in the way this debugging information was collected, the resulting archive contained not only the particular Red Hat Network (RHN) entitlement certificate, but also the private key for the entitlement, used to sign the certificate. A remote attacker could use this flaw to obtain unprivileged access to the content served by this RHN entitlement.
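A check that can be run on a sosreport archive before it is sent, as an added example that is not part of the original report or of the sos project: it lists archive members that contain a PEM private key header. The function names, archive layout and file contents are constructed for illustration.

```python
import io
import re
import tarfile

# Any PEM private key header: RSA, EC, PKCS#8, encrypted PKCS#8, ...
PEM_PRIVATE_KEY = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")


def contains_private_key(fh, chunk_size=65536, overlap=64):
    """Stream a binary file object; True if a PEM private key header appears."""
    tail = b""
    while True:
        chunk = fh.read(chunk_size)
        if not chunk:
            return False
        if PEM_PRIVATE_KEY.search(tail + chunk):
            return True
        tail = chunk[-overlap:]  # overlap so a header split across chunks matches


def find_private_keys(archive):
    """Return sorted names of tar members that hold private key material."""
    kwargs = {"name": archive} if isinstance(archive, str) else {"fileobj": archive}
    hits = []
    with tarfile.open(mode="r:*", **kwargs) as tar:  # compression auto-detected
        for member in tar:
            if member.isfile() and contains_private_key(tar.extractfile(member)):
                hits.append(member.name)
    return sorted(hits)


def build_sample_archive():
    """Constructed stand-in for a sosreport tarball (not real sos output)."""
    files = {
        "sosreport-constructed/certs/entitlement.pem":
            b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n",
        "sosreport-constructed/certs/entitlement-key.pem":
            b"-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n-----END RSA PRIVATE KEY-----\n",
        "sosreport-constructed/uname": b"Linux constructed-host\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name in find_private_keys(build_sample_archive()):
        print("private key material in:", name)
```
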
This issue did NOT affect the version of the sos package, as shipped with Red Hat Enterprise Linux 4. This issue affects the versions of the sos package, as shipped with Red Hat Enterprise Linux 5 and 6.
Lifting embargo.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6, via RHSA-2011:1536 https://rhn.redhat.com/errata/RHSA-2011-1536.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5, via RHSA-2012:0153 https://rhn.redhat.com/errata/RHSA-2012-0153.html