PT-2016-6671 · Opensuse+1 · Yast-Storage+3

Shundhammer

Published

2016-08-30

Updated

2018-10-30

CVE-2016-5746

CVSS v3.1

5.1

Medium

Vector

AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions libstorage, libstorage-ng, and yast-storage (affected versions not specified)

Description The issue allows local users to potentially obtain sensitive information by reading a temporary file on disk. This is because passphrases for encrypted storage devices are improperly stored in this file. The file in question is demonstrated by the path /tmp/libstorage-XXXXXX/pwdf.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2016-5746

SUSE-SU-2016:2189-1

SUSE-SU-2016:2353-1

SUSE-SU-2016:2355-1

SUSE-SU-2016_2189-1

SUSE-SU-2016_2353-1

SUSE-SU-2016_2355-1

Affected Products

Suse

Libstorage

Libstorage-Ng

Yast-Storage

PT-2016-6671 · Opensuse+1 · Yast-Storage+3

CVE-2016-5746

Related Identifiers

Affected Products

References · 23