Bug 749383 - (CVE-2011-4083) CVE-2011-4083 sos: sosreport is gathering certificate-based RHN entitlement private keys
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Severity: low
Assigned To: Red Hat Product Security
impact=low,public=20111206,reported=2...
Keywords: EasyFix, Security
Depends On: 750606 750607
Blocks: 742493 750605
Reported: 2011-10-26 17:20 EDT by David Kutálek
Modified: 2012-02-21 03:19 EST
Doc Type: Bug Fix
Last Closed: 2012-02-21 03:19:39 EST
Comment 4 Jan Lieskovsky 2011-10-27 13:28:21 EDT
The CVE identifier of CVE-2011-4083 has been assigned to this issue.
Comment 10 Jan Lieskovsky 2011-11-01 14:01:52 EDT
An information disclosure flaw was found in the way the sosreport utility of SOS, a set of system support tools, retrieved debugging information for the system, intended to be compressed and sent to the technical support representative. Due to a bug in the way this debugging information was collected, the resulting archive contained not only the particular Red Hat Network (RHN) entitlement certificate, but also the private key for the entitlement, used to sign the certificate. A remote attacker could use this flaw to obtain unprivileged access to the content served by this RHN entitlement.
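A pre-submission check for the failure mode described above, as an added example that is not part of sos or of this bug report: it walks a sosreport-style tar archive and lists every member that contains a PEM private-key block, so the key can be removed before the archive leaves the host. The archive contents, the `/etc/pki/entitlement` paths and the PEM bodies are constructed placeholders.

```python
import io
import re
import tarfile

# PEM headers for private keys (PKCS#1 "RSA", PKCS#8, "EC", "OPENSSH", "ENCRYPTED").
PRIVATE_KEY_RE = re.compile(rb"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----")
MAX_MEMBER_BYTES = 1024 * 1024  # key files are small; skip large log members


def find_private_keys(archive_bytes):
    """Return the names of archive members that contain a PEM private-key block.

    mode="r:*" autodetects the compression (gz/bz2/xz), so any sos archive works.
    """
    hits = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile() or member.size > MAX_MEMBER_BYTES:
                continue
            fh = tar.extractfile(member)
            if fh is not None and PRIVATE_KEY_RE.search(fh.read()):
                hits.append(member.name)
    return hits


def build_sample_archive():
    """Constructed sosreport-like archive (paths and PEM bodies are placeholders).

    Mirrors the flaw: the entitlement certificate and its private key are
    collected side by side.
    """
    files = {
        "sosreport-host/etc/pki/entitlement/1234.pem":
            b"-----BEGIN CERTIFICATE-----\nMIIBplaceholder\n-----END CERTIFICATE-----\n",
        "sosreport-host/etc/pki/entitlement/1234-key.pem":
            b"-----BEGIN RSA PRIVATE KEY-----\nMIIEplaceholder\n-----END RSA PRIVATE KEY-----\n",
        "sosreport-host/var/log/messages":
            b"Oct 26 17:20:00 host sosreport: collecting\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    # Anything listed here should be stripped before the archive is sent to support.
    for name in find_private_keys(build_sample_archive()):
        print("private key material found in:", name)
```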
Comment 11 Jan Lieskovsky 2011-11-01 14:03:26 EDT
This issue did NOT affect the version of the sos package, as shipped with
Red Hat Enterprise Linux 4.

--

This issue affects the versions of the sos package, as shipped with
Red Hat Enterprise Linux 5 and 6.
Comment 18 Tomas Hoger 2011-12-06 03:26:35 EST
Lifting embargo.
Comment 19 errata-xmlrpc 2011-12-06 13:11:30 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:1536 https://rhn.redhat.com/errata/RHSA-2011-1536.html
Comment 23 errata-xmlrpc 2012-02-20 22:25:48 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:0153 https://rhn.redhat.com/errata/RHSA-2012-0153.html