Main Vulnerability Database Vulnerabilities #VU45461

Credentials management in SUSE Linux - CVE-2010-3912

Published: January 13, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU45461

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2010-3912

CWE-ID: CWE-255

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: SUSE

Affected software:
SUSE Linux

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.

How to mitigate CVE-2010-3912

Install update from vendor's website.

Sources

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
http://osvdb.org/70405
http://secunia.com/advisories/42877
http://www.vupen.com/english/advisories/2011/0076
https://exchange.xforce.ibmcloud.com/vulnerabilities/64690

Credentials management in SUSE Linux - CVE-2010-3912

Detailed vulnerability description

How to mitigate CVE-2010-3912

Sources

Please verify you're human