| Revision Date: | 2005-09-21 | Version: | 3 |
| Title: | sysreport Plaintext Password Leak |
| Description: | sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges. |
| Family: | unix | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2005-1760
|
| Platform(s): | Red Hat Enterprise Linux 3
| Product(s): | sysreport
|
| Definition Synopsis |
| Software section Red Hat Enterprise 3 is installed
AND sysreport RPM earlier than 0:1.3.7.2-6
AND Configuration section
/tmp is world-writable
|