Detections
Analytics

CentOS 3 / 4 : sysreport (CESA-2005:598)

low Nessus Plugin ID 21951

Synopsis

The remote CentOS host is missing a security update.

Description

An updated sysreport package that fixes an insecure temporary file flaw is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

Sysreport is a utility that gathers information about a system's hardware and configuration. The information can then be used for diagnostic purposes and debugging.

Bill Stearns discovered a bug in the way sysreport creates temporary files. It is possible that a local attacker could obtain sensitive information about the system when sysreport is run. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2104 to this issue.

Users of sysreport should update to this erratum package, which contains a patch that resolves this issue.

Solution

Update the affected sysreport package.

See Also

http://www.nessus.org/u?f033cfc3

http://www.nessus.org/u?3d6bc2d3

http://www.nessus.org/u?17cd3811

http://www.nessus.org/u?b7594db3

http://www.nessus.org/u?00a9a6a2

Plugin Details

Severity: Low

ID: 21951

File Name: centos_RHSA-2005-598.nasl

Version: 1.18

Type: local

Agent: unix

Published: 7/5/2006

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:centos:centos:sysreport, cpe:/o:centos:centos:3, cpe:/o:centos:centos:4

Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list

Patch Publication Date: 8/10/2005

Vulnerability Publication Date: 10/7/2005

Reference Information

CVE: CVE-2005-2104

RHSA: 2005:598