{"id":"PYSEC-2017-73","details":"sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.","aliases":["CVE-2015-7529","GHSA-3g56-2hh3-35ph"],"modified":"2023-11-08T03:58:00.365828Z","published":"2017-11-06T17:29:00Z","references":[{"type":"REPORT","url":"https://github.com/sosreport/sos/issues/696"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282542"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:0188"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:0152"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2845-1"},{"type":"WEB","url":"http://www.securityfocus.com/bid/83162"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-0188.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-0152.html"}],"affected":[{"package":{"name":"sosreport","ecosystem":"PyPI","purl":"pkg:pypi/sosreport"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.0"}]}],"versions":["3.2","3.2.0a1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/sosreport/PYSEC-2017-73.yaml"}}],"schema_version":"1.7.3"}