CVE-2008-3067 - Credentials Management vulnerability in Suse Opensuse 10.3

CVSS 2.1 - LOW
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: local, low complexity, suse, CWE-255

Summary

sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits.

Vulnerable Configurations

Part: Application
Description: Suse
Count: 1

Common Weakness Enumeration (CWE)

Statements

Contributor: Mark J Cox
Last modified: 2008-07-08
Organization: Red Hat
Statement: Not vulnerable. This issue did not affect the versions of sudo as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.