CVE-2010-2241

The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
redhatdirectory_server
8.0
redhatdirectory_server
8.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2010-0590.html
http://secunia.com/advisories/40811
http://www.osvdb.org/66962
http://www.securitytracker.com/id?1024281
https://bugzilla.redhat.com/show_bug.cgi?id=608032
http://rhn.redhat.com/errata/RHSA-2010-0590.html
http://secunia.com/advisories/40811
http://www.osvdb.org/66962
http://www.securitytracker.com/id?1024281
https://bugzilla.redhat.com/show_bug.cgi?id=608032