CVE Details

Release Date:2015-12-01


sosreport in SoS 3.x allows local users to obtain sensitiveinformation from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport--.tar in /tmp/sosreport--.

See more information about CVE-2015-7529 from MITRE CVE dictionary and NIST NVD

CVSS v2.0 metrics

NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.

Base Score: 6 Base Metrics: AV:L/AC:H/Au:S/C:C/I:C/A:C
Access Vector: Local network Attack Complexity: High
Authentication: Requires single instance Confidentiality Impact: Complete
Integrity Impact: Complete Availability Impact: Complete

Errata information

PlatformErrataRelease Date
Oracle Linux version 6 (sos)ELSA-2016-01522016-02-09
Oracle Linux version 7 (sos)ELSA-2016-01882016-02-16
Oracle VM version 3.3 (sos)OVMSA-2016-00112016-02-09
Oracle VM version 3.4 (sos)OVMSA-2016-00112016-02-09

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team