Lucene search
HistoryApr 28, 2014 - 2:09 p.m.
CVE-2013-4285
cve-2013-4285
gentoo
pam
s/key
patch
local users
sensitive information
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
A certain Gentoo patch for the PAM S/Key module does not properly clear credentials from memory, which allows local users to obtain sensitive information by reading system memory.
Affected configurations
Node
dkorunicpam_s\/keyMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| dkorunic:pam_s\/key | dkorunic pam s/key | eq | - |
Related
nessus
nessus
GLSA-201402-12 : PAM S/Key: Information disclosure
2014-02-10 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201402-12
2015-09-29 00:00:00
nvd
nvd
CVE-2013-4285
2014-04-28 14:09:05
prion
prion
Design/Logic Flaw
2014-04-28 14:09:00
cvelist
cvelist
CVE-2013-4285
2014-04-28 14:00:00
gentoo
gentoo
PAM S/Key: Information disclosure
2014-02-09 00:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2013-4285