PT-2016-6671 · Opensuse+1 · Yast-Storage+3

Shundhammer

Publicado

2016-08-30

Atualizado

2018-10-30

CVE-2016-5746

CVSS v3.1

5.1

Média

Vetor

AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions libstorage, libstorage-ng, and yast-storage (affected versions not specified)

Description The issue allows local users to potentially obtain sensitive information by reading a temporary file on disk. This is because passphrases for encrypted storage devices are improperly stored in this file. The file in question is demonstrated by the path /tmp/libstorage-XXXXXX/pwdf.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2016-5746

SUSE-SU-2016:2189-1

SUSE-SU-2016:2353-1

SUSE-SU-2016:2355-1

SUSE-SU-2016_2189-1

SUSE-SU-2016_2353-1

SUSE-SU-2016_2355-1

Produtos afetados

Suse

Libstorage

Libstorage-Ng

Yast-Storage

PT-2016-6671 · Opensuse+1 · Yast-Storage+3

CVE-2016-5746

Identificadores relacionados

Produtos afetados

Referências · 23