CVE-2014-4040 – powerpc-utils: snap creates archives with fstab and yaboot.conf which may expose certain passwords

https://notcve.org/view.php?id=CVE-2014-4040

snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. snap en powerpc-utils 1.2.20 produce un archivo con ficheros fstab y yaboot.conf que potencialmente contienen contraseñas en texto claro, y no tiene un aviso sobre la revisión de este archivo para detectar contraseñas incluidas, lo que podría permitir a atacantes remotos obtener información sensible mediante el aprovechamiento de acceso a un flujo de datos del soporte técnico. A flaw was found in the way the snap utility of powerpc-utils generated an archive containing a configuration snapshot of a service. A local attacker could obtain sensitive information from the generated archive such as plain text passwords. • http://openwall.com/lists/oss-security/2014/06/17/1 http://rhn.redhat.com/errata/RHSA-2015-0384.html https://access.redhat.com/security/cve/CVE-2014-4040 https://bugzilla.redhat.com/show_bug.cgi?id=1110520 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •