Vulnerability Name:

CVE-2010-3912 (CCN-64690)

Assigned:2010-12-30
Published:2010-12-30
Updated:2017-08-17
Summary:The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-255
Vulnerability Consequences:Other
References:Source: MITRE
Type: CNA
CVE-2010-3912

Source: CCN
Type: SUSE-SR:2011:001
SUSE Security Summary Report

Source: SUSE
Type: UNKNOWN
SUSE-SR:2011:001

Source: OSVDB
Type: UNKNOWN
70405

Source: SECUNIA
Type: UNKNOWN
42877

Source: CCN
Type: OSVDB ID: 70405
supportutils supportconfig on SUSE Configuration File Undisguised Passwords Unspecified Issue

Source: VUPEN
Type: UNKNOWN
ADV-2011-0076

Source: XF
Type: UNKNOWN
suse-linux-supportconfig-unspecified(64690)

Source: XF
Type: UNKNOWN
suse-linux-supportconfig-unspecified(64690)

Source: SUSE
Type: SUSE-SR:2011:001
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/o:novell:suse_linux:10:sp3:enterprise:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux:11:sp1:enterprise:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20103912
    V
    		CVE-2010-3912
    2022-05-20
    BACK
    novell suse linux 10 sp3
    novell suse linux 11 sp1