CVE-2010-3912

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

T

he supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
http://osvdb.org/70405
http://secunia.com/advisories/42877
http://www.vupen.com/english/advisories/2011/0076
https://exchange.xforce.ibmcloud.com/vulnerabilities/64690
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
http://osvdb.org/70405
http://secunia.com/advisories/42877
http://www.vupen.com/english/advisories/2011/0076
https://exchange.xforce.ibmcloud.com/vulnerabilities/64690

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:novell:suse_linux:10:sp3:enterprise:::::*
	cpe:2.3:o:novell:suse_linux:11:sp1:enterprise:::::*

History

21 Nov 2024, 01:19

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html -
References	~~() http://osvdb.org/70405 -~~	() http://osvdb.org/70405 -
References	~~() http://secunia.com/advisories/42877 -~~	() http://secunia.com/advisories/42877 -
References	~~() http://www.vupen.com/english/advisories/2011/0076 -~~	() http://www.vupen.com/english/advisories/2011/0076 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/64690 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/64690 -

Information

Published : 2011-01-13 01:00

Updated : 2025-04-11 00:51

NVD link : CVE-2010-3912

Mitre link : CVE-2010-3912

CVE.ORG link : CVE-2010-3912

JSON object : View

Products Affected

suse_linux

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2010-3912", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-01-13T01:00:01.740", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html", "source": "[email protected]"}, {"url": "http://osvdb.org/70405", "source": "[email protected]"}, {"url": "http://secunia.com/advisories/42877", "source": "[email protected]"}, {"url": "http://www.vupen.com/english/advisories/2011/0076", "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64690", "source": "[email protected]"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/70405", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/42877", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2011/0076", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64690", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not \"disguise passwords\" in configuration files, which has unknown impact and attack vectors."}, {"lang": "es", "value": "La secuencia de comandos en supportconfig en supportutils en el SP3 de SUSE Linux Enterprise v11 Service Pack 1 y 10 no \"disfraza contrase\u00f1as\" en los archivos de configuraci\u00f3n, que tiene un impacto y vectores de ataque desconocidos."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:novell:suse_linux:10:sp3:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "729E4FC1-2207-4773-ACAE-6708B2437223"}, {"criteria": "cpe:2.3:o:novell:suse_linux:11:sp1:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "461BE88B-903C-43E3-A59F-4F3CE00D025B"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}