Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CentOS Update for sos CESA-2016:0152 centos6

Information

Severity

Severity

Medium

Family

Family

CentOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

4.6

CVSSv2 Vector

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

6 years ago

Modified

Modified

3 years ago

Summary

Check the version of sos

Insight

Insight

The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system. (CVE-2015-7529) This issue was discovered by Mateusz Guzik of Red Hat. This update also fixes the following bug: * Previously, when the hpasm plug-in ran the 'hpasmcli' command in a Python Popen constructor or a system pipeline, the command would hang and eventually time out after 300 seconds. Sos was forced to wait for the time out to finish, unnecessarily prolonging its run time. With this update, the timeout of the 'hpasmcli' command has been set to 0, eliminating the delay and speeding up sos completion time. (BZ#1291828) All sos users are advised to upgrade to this updated package, which contains backported patches to correct these issues.

Affected Software

Affected Software

sos on CentOS 6

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Please Install the Updated Packages.

Common Vulnerabilities and Exposures (CVE)