CVE-2011-3177

The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
yastyast2
-
𝑥
= Vulnerable software versions
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
yast2
suse enterprise sap 12 SP5
3.2.50-4.7.1
fixed
suse enterprise server 12 SP5
3.2.50-4.7.1
fixed
yast2-core
suse enterprise sap 12 SP5
3.3.1-1.7
fixed
suse enterprise server 12 SP5
3.3.1-1.7
fixed
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=713661
https://github.com/yast/yast-core/commit/7fe2e3df308b8b6a901cb2cfd60f398df53219de
https://bugzilla.suse.com/show_bug.cgi?id=713661
https://github.com/yast/yast-core/commit/7fe2e3df308b8b6a901cb2cfd60f398df53219de