Lucene search

[email protected]CVE-2011-1943

HistoryJun 14, 2011 - 5:55 p.m.

CVE-2011-1943

2011-06-1417:55:00

CWE-532

[email protected]

web.nvd.nist.gov

cve-2011-1943

networkmanager

libnm-util

fedora 15

sensitive information disclosure

log file vulnerability

5.4 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.

CPENameOperatorVersion
gnome:networkmanagergnome networkmanagerlt0.8.9997
fedoraproject:fedorafedoraproject fedoraeq15

CPE	Name	Operator	Version
gnome:networkmanager	gnome networkmanager	lt	0.8.9997
fedoraproject:fedora	fedoraproject fedora	eq	15

References

cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=78ce088843d59d4494965bfc40b30a2e63d065f6

lists.fedoraproject.org/pipermail/package-announce/2011-June/061329.html

www.openwall.com/lists/oss-security/2011/05/31/6

www.openwall.com/lists/oss-security/2011/05/31/7

bugzilla.redhat.com/show_bug.cgi?id=708876

exchange.xforce.ibmcloud.com/vulnerabilities/68057

5.4 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2011-1943

nessus1 cvelist1 openvas6 debiancve1 fedora3 prion1 ubuntucve1