ID CVE-2008-3067
Summary sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits.
References
Vulnerable Configurations
  • cpe:2.3:a:suse:opensuse:10.3:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 08-08-2017 - 01:31)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
refmap via4
suse SUSE-SR:2008:014
xf opensuse-sudo-information-disclosure(43618)
statements via4
contributor Mark J Cox
lastmodified 2008-07-08
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of sudo as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Last major update 08-08-2017 - 01:31
Published 07-07-2008 - 23:41