Vulnerabilities > CVE-2010-3912 - Credentials Management vulnerability in Novell Suse Linux 10/11
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SUPPORTUTILS-7215.NASL description The supportconfig script did not disguise passwords in the config files it collected. (CVE-2010-3912) last seen 2020-06-01 modified 2020-06-02 plugin id 51447 published 2011-01-10 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51447 title SuSE 10 Security Update : supportutils (ZYPP Patch Number 7215) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(51447); script_version ("1.7"); script_cvs_date("Date: 2019/10/25 13:36:40"); script_cve_id("CVE-2010-3912"); script_name(english:"SuSE 10 Security Update : supportutils (ZYPP Patch Number 7215)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "The supportconfig script did not disguise passwords in the config files it collected. (CVE-2010-3912)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-3912.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7215."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2010/11/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:3, reference:"supportutils-1.20-0.7.6.1")) flag++; if (rpm_check(release:"SLES10", sp:3, reference:"supportutils-1.20-0.7.6.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family SuSE Local Security Checks NASL id SUSE_11_SUPPORTUTILS-101104.NASL description The supportconfig script did not disguise passwords in the config files it collected. (CVE-2010-3912) last seen 2020-06-01 modified 2020-06-02 plugin id 51633 published 2011-01-21 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51633 title SuSE 11.1 Security Update : supportutils (SAT Patch Number 3468)