CVE-2015-3171

NameCVE-2015-3171
Descriptionsosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs769521

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sosreport (PTS)buster3.6-1fixed
bookworm, bullseye4.0-2fixed
sid, trixie4.0-2.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sosreportsource(unstable)3.2-2769521

Notes

https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6
https://github.com/sosreport/sos/issues/425
Search for package or bug name: Reporting problems