Main Vulnerability Database SB2011011304

SB2011011304 - Credentials management in SUSE Linux

Published: January 13, 2011 Updated: August 11, 2020

Security Bulletin ID SB2011011304

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Credentials management (CVE-ID: CVE-2010-3912)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.

Remediation

Install update from vendor's website.

References

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
http://osvdb.org/70405
http://secunia.com/advisories/42877
http://www.vupen.com/english/advisories/2011/0076
https://exchange.xforce.ibmcloud.com/vulnerabilities/64690