[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-1943Date: (C)2011-06-14   (M)2023-12-22


The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
FEDORA-2011-7919
http://www.openwall.com/lists/oss-security/2011/05/31/6
http://www.openwall.com/lists/oss-security/2011/05/31/7
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=78ce088843d59d4494965bfc40b30a2e63d065f6
https://bugzilla.redhat.com/show_bug.cgi?id=708876
networkmanager-secret-info-disclosure(68057)

CPE    1
cpe:/o:fedoraproject:fedora:15
CWE    1
CWE-532
OVAL    3
oval:org.secpod.oval:def:102920
oval:org.secpod.oval:def:103056
oval:org.secpod.oval:def:102917

© SecPod Technologies