Lucene search

[email protected]CVE-2010-3912

HistoryJan 13, 2011 - 1:00 a.m.

CVE-2010-3912

2011-01-1301:00:00

CWE-255

[email protected]

web.nvd.nist.gov

cve-2010-3912

supportconfig script

supportutils

suse linux enterprise

password protection

nvd

6.7 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.0%

JSON

The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not “disguise passwords” in configuration files, which has unknown impact and attack vectors.

CPENameOperatorVersion
novell:suse_linuxnovell suse linuxeq11
novell:suse_linuxnovell suse linuxeq10

CPE	Name	Operator	Version
novell:suse_linux	novell suse linux	eq	11
novell:suse_linux	novell suse linux	eq	10

References

lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html

osvdb.org/70405

secunia.com/advisories/42877

www.vupen.com/english/advisories/2011/0076

exchange.xforce.ibmcloud.com/vulnerabilities/64690

6.7 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.0%

JSON

Related for CVE-2010-3912

prion1 nessus2