Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2010-3912 |
CWE-ID | CWE-255 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | SUSE Linux (Operating systems & Components / Operating system) |
Vendor | SUSE |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU45461
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2010-3912
CWE-ID: CWE-255 - Credentials Management
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.
Mitigation
Install update from vendor's website.
Vulnerable software versions
SUSE Linux: 10 - 11
External links
https://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
https://osvdb.org/70405
https://secunia.com/advisories/42877
https://www.vupen.com/english/advisories/2011/0076
https://exchange.xforce.ibmcloud.com/vulnerabilities/64690
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.