Search criteria
2 vulnerabilities by yast
CVE-2011-3177 (GCVE-0-2011-3177)
Vulnerability from cvelistv5 – Published: 2017-09-08 18:00 – Updated: 2024-08-06 23:22
VLAI
Summary
The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/yast/yast-core/commit/7fe2e3df… | x_refsource_CONFIRM |
| https://bugzilla.suse.com/show_bug.cgi?id=713661 | x_refsource_CONFIRM |
Date Public
2017-03-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:22:27.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/yast/yast-core/commit/7fe2e3df308b8b6a901cb2cfd60f398df53219de"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=713661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-08T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yast/yast-core/commit/7fe2e3df308b8b6a901cb2cfd60f398df53219de"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=713661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/yast/yast-core/commit/7fe2e3df308b8b6a901cb2cfd60f398df53219de",
"refsource": "CONFIRM",
"url": "https://github.com/yast/yast-core/commit/7fe2e3df308b8b6a901cb2cfd60f398df53219de"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=713661",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=713661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3177",
"datePublished": "2017-09-08T18:00:00.000Z",
"dateReserved": "2011-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:22:27.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5746 (GCVE-0-2016-5746)
Vulnerability from cvelistv5 – Published: 2016-09-26 15:00 – Updated: 2024-08-06 01:07
VLAI
Summary
libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://github.com/openSUSE/libstorage/pull/162 | x_refsource_CONFIRM |
| https://github.com/yast/yast-storage/pull/224 | x_refsource_CONFIRM |
| https://github.com/yast/yast-storage/pull/226 | x_refsource_CONFIRM |
| https://bugzilla.suse.com/show_bug.cgi?id=986971 | x_refsource_CONFIRM |
| https://github.com/yast/yast-storage/pull/227 | x_refsource_CONFIRM |
| https://github.com/openSUSE/libstorage-ng/pull/123 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/bid/93169 | vdb-entryx_refsource_BID |
| https://github.com/yast/yast-storage/pull/223 | x_refsource_CONFIRM |
| https://github.com/openSUSE/libstorage/pull/163 | x_refsource_CONFIRM |
Date Public
2016-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openSUSE/libstorage/pull/162"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/yast/yast-storage/pull/224"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/yast/yast-storage/pull/226"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=986971"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/yast/yast-storage/pull/227"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openSUSE/libstorage-ng/pull/123"
},
{
"name": "openSUSE-SU-2016:2264",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00032.html"
},
{
"name": "93169",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93169"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/yast/yast-storage/pull/223"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openSUSE/libstorage/pull/163"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:49.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openSUSE/libstorage/pull/162"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yast/yast-storage/pull/224"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yast/yast-storage/pull/226"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=986971"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yast/yast-storage/pull/227"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openSUSE/libstorage-ng/pull/123"
},
{
"name": "openSUSE-SU-2016:2264",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00032.html"
},
{
"name": "93169",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93169"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yast/yast-storage/pull/223"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openSUSE/libstorage/pull/163"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-5746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/openSUSE/libstorage/pull/162",
"refsource": "CONFIRM",
"url": "https://github.com/openSUSE/libstorage/pull/162"
},
{
"name": "https://github.com/yast/yast-storage/pull/224",
"refsource": "CONFIRM",
"url": "https://github.com/yast/yast-storage/pull/224"
},
{
"name": "https://github.com/yast/yast-storage/pull/226",
"refsource": "CONFIRM",
"url": "https://github.com/yast/yast-storage/pull/226"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=986971",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=986971"
},
{
"name": "https://github.com/yast/yast-storage/pull/227",
"refsource": "CONFIRM",
"url": "https://github.com/yast/yast-storage/pull/227"
},
{
"name": "https://github.com/openSUSE/libstorage-ng/pull/123",
"refsource": "CONFIRM",
"url": "https://github.com/openSUSE/libstorage-ng/pull/123"
},
{
"name": "openSUSE-SU-2016:2264",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00032.html"
},
{
"name": "93169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93169"
},
{
"name": "https://github.com/yast/yast-storage/pull/223",
"refsource": "CONFIRM",
"url": "https://github.com/yast/yast-storage/pull/223"
},
{
"name": "https://github.com/openSUSE/libstorage/pull/163",
"refsource": "CONFIRM",
"url": "https://github.com/openSUSE/libstorage/pull/163"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-5746",
"datePublished": "2016-09-26T15:00:00.000Z",
"dateReserved": "2016-06-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:07:59.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}