Vulnerability identifier: #VU45461
Vulnerability risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID:
CWE-ID: CWE-255
Exploitation vector: Network
Exploit availability: No
Vulnerable software: SUSE Linux (Operating systems & Components / Operating system)
Vendor: SUSE
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SUSE Linux: 10 - 11
External links
https://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
https://osvdb.org/70405
https://secunia.com/advisories/42877
https://www.vupen.com/english/advisories/2011/0076
https://exchange.xforce.ibmcloud.com/vulnerabilities/64690
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.