sosreport@3.2 vulnerabilities

Set of tools to gather troubleshooting data from a system Sos is a set of tools that gathers information about system hardware and configuration. The information can then be used for diagnostic purposes and debugging. Sos is commonly used to help support technicians and developers.

latest version

3.2
first published

10 years ago
latest version published

10 years ago
licenses detected
- GPL-2.0
  [0,)
View sosreport package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the sosreport package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Symlink Attack sosreport is a Set of tools to gather troubleshooting data from a system Sos is a set of tools that gathers information about system hardware and configuration. The information can then be used for diagnostic purposes and debugging. Sos is commonly used to help support technicians and developers. Affected versions of this package are vulnerable to Symlink Attack which allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by `sosreport-$hostname-$date.tar` in `/tmp/sosreport-$hostname-$date`. How to fix Symlink Attack? A fix was pushed into the `master` branch but not yet published.	[0,)

Symlink Attack

sosreport is a Set of tools to gather troubleshooting data from a system Sos is a set of tools that gathers information about system hardware and configuration. The information can then be used for diagnostic purposes and debugging. Sos is commonly used to help support technicians and developers.

Affected versions of this package are vulnerable to Symlink Attack which allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.

How to fix Symlink Attack?

A fix was pushed into the master branch but not yet published.

[0,)

Go back to all versions of this package

sosreport@3.2 vulnerabilities

Set of tools to gather troubleshooting data from a system Sos is a set of tools that gathers information about system hardware and configuration. The information can then be used for diagnostic purposes and debugging. Sos is commonly used to help support technicians and developers.

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities