Lucene search

[email protected]NVD:CVE-2011-3177

HistorySep 08, 2017 - 6:29 p.m.

CVE-2011-3177

2017-09-0818:29:00

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

Percentile

5.1%

JSON

The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks.

Affected configurations

Nvd

Node

yastyast2Match-

VendorProductVersionCPE
yastyast2-cpe:2.3:a:yast:yast2:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yast	yast2	-	cpe:2.3:a:yast:yast2:-:::::::*

References

bugzilla.suse.com/show_bug.cgi?id=713661

github.com/yast/yast-core/commit/7fe2e3df308b8b6a901cb2cfd60f398df53219de

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2011-3177

prion1 cvelist1 cve1 osv2