CVE-2016-5746
Description
libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.
Risk Information
Base Score
5.1
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.058
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2016:2189-1(SUSE Linux Enterprise Desktop 12-SP1 ) libstorage-debugsource-2.25.35.1-3.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2189-1(SUSE Linux Enterprise Desktop 12-SP1 ) libstorage-ruby-2.25.35.1-3.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2189-1(SUSE Linux Enterprise Desktop 12-SP1 ) libstorage-ruby-debuginfo-2.25.35.1-3.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2189-1(SUSE Linux Enterprise Desktop 12-SP1 ) libstorage6-2.25.35.1-3.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2189-1(SUSE Linux Enterprise Desktop 12-SP1 ) libstorage6-debuginfo-2.25.35.1-3.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2353-1(SUSE Linux Enterprise Server 11-SP4 ) yast2-storage-2.17.161-5.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2353-1(SUSE Linux Enterprise Server 11-SP4 ) yast2-storage-lib-2.17.161-5.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234