CVE-2015-7529
Severity CVSS v4.0:
Pending analysis
Type:
CWE-59
Link Following
Publication date:
06/11/2017
Last modified:
20/04/2025
Description
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sos_project:sos:*:*:*:*:*:*:*:* | 3.0 (including) | 3.8 (including) |
| cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://rhn.redhat.com/errata/RHSA-2016-0152.html
- http://rhn.redhat.com/errata/RHSA-2016-0188.html
- http://www.securityfocus.com/bid/83162
- http://www.ubuntu.com/usn/USN-2845-1
- https://access.redhat.com/errata/RHSA-2016:0152
- https://access.redhat.com/errata/RHSA-2016:0188
- https://bugzilla.redhat.com/show_bug.cgi?id=1282542
- https://github.com/sosreport/sos/issues/696
- http://rhn.redhat.com/errata/RHSA-2016-0152.html
- http://rhn.redhat.com/errata/RHSA-2016-0188.html
- http://www.securityfocus.com/bid/83162
- http://www.ubuntu.com/usn/USN-2845-1
- https://access.redhat.com/errata/RHSA-2016:0152
- https://access.redhat.com/errata/RHSA-2016:0188
- https://bugzilla.redhat.com/show_bug.cgi?id=1282542
- https://github.com/sosreport/sos/issues/696