CVE-2007-3200 - NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invok

CVE-2007-3200

Summary

NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file.

References

Vulnerable Configurations

cpe:2.3:a:novell:modular_authentication_service:-:*:*:*:*:*:*:*
cpe:2.3:a:novell:modular_authentication_service:-:*:*:*:*:*:*:*
cpe:2.3:a:novell:modular_authentication_service:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:novell:modular_authentication_service:3.1.2:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:N/A:N

refmap via4

bid	24405
confirm	https://secure-support.novell.com/KanisaPlatform/Publishing/249/3260550_f.SAL_Public.html
osvdb	35943
sectrack	1018215
secunia	25592
vupen	ADV-2007-2118
xf	novell-nmasinst-information-disclosure(34806)

Last major update

29-07-2017 - 01:32

Published

12-06-2007 - 23:30

Last modified

29-07-2017 - 01:32