libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:54
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-updates/2016-09/msg00032.html - | |
References | () http://www.securityfocus.com/bid/93169 - | |
References | () https://bugzilla.suse.com/show_bug.cgi?id=986971 - | |
References | () https://github.com/openSUSE/libstorage-ng/pull/123 - | |
References | () https://github.com/openSUSE/libstorage/pull/162 - | |
References | () https://github.com/openSUSE/libstorage/pull/163 - | |
References | () https://github.com/yast/yast-storage/pull/223 - | |
References | () https://github.com/yast/yast-storage/pull/224 - | |
References | () https://github.com/yast/yast-storage/pull/226 - | |
References | () https://github.com/yast/yast-storage/pull/227 - |
Information
Published : 2016-09-26 15:59
Updated : 2024-11-21 02:54
NVD link : CVE-2016-5746
Mitre link : CVE-2016-5746
CVE.ORG link : CVE-2016-5746
JSON object : View
Products Affected
opensuse
- libstorage-ng
- libstorage
- leap
yast
- yast-storage
CWE