Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 160836 - RedHat Linux Sysreport Proxy Information Disclosure
Summary: RedHat Linux Sysreport Proxy Information Disclosure
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: sysreport
Version: unspecified
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL: http://rhn.redhat.com/errata/RHSA-200...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-06-17 18:53 UTC by John Dalbec
Modified: 2007-04-18 17:28 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-08-13 14:28:11 UTC


Attachments (Terms of Use)

Description John Dalbec 2005-06-17 18:53:19 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20050519 Netscape/8.0.1

Description of problem:
05.24.17 CVE: CAN-2005-1760
Platform: Linux
Title: RedHat Linux Sysreport Proxy Information Disclosure
Description: up2date is the RedHat Update Agent software that allows
users to download official updates and fixes. Sysreport is a utility
designed to collect system information. Proxy authentication
information is stored in the up2date configuration file
"/etc/sysconfig/rhn/up2date". When sysreport executes, it discloses
the contents of this file, including proxy authentication usernames
and passwords. All unpatched versions are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2005-502.html 

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:

Comment 1 Jesse Keating 2006-08-13 14:28:11 UTC
We don't support up2date, and never ask for sysreport information.  Closing
deferred.


Note You need to log in before you can comment on or make changes to this bug.