CVE-2010-3912 - The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disgui

CVE-2010-3912

Summary

The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
http://osvdb.org/70405
http://secunia.com/advisories/42877
http://www.vupen.com/english/advisories/2011/0076
https://exchange.xforce.ibmcloud.com/vulnerabilities/64690

Vulnerable Configurations

cpe:2.3:o:novell:suse_linux:10:sp3:enterprise:*:*:*:*:*
cpe:2.3:o:novell:suse_linux:10:sp3:enterprise:*:*:*:*:*
cpe:2.3:o:novell:suse_linux:11:sp1:enterprise:*:*:*:*:*
cpe:2.3:o:novell:suse_linux:11:sp1:enterprise:*:*:*:*:*

CVSS

Base:	10.0 (as of 17-08-2017 - 01:33)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

osvdb	70405
secunia	42877
suse	SUSE-SR:2011:001
vupen	ADV-2011-0076
xf	suse-linux-supportconfig-unspecified(64690)

Last major update

17-08-2017 - 01:33

Published

13-01-2011 - 01:00

Last modified

17-08-2017 - 01:33