Originally noted as part of bug #1109371. Common Vulnerabilities and Exposures assigned an identifier CVE-2014-4040 to the following vulnerability: Name: CVE-2014-4040 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4040 Assigned: 20140612 Reference: http://openwall.com/lists/oss-security/2014/06/17/1 snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
Statement: This issue affects the versions of powerpc-utils as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:0384 https://rhn.redhat.com/errata/RHSA-2015-0384.html