CVE-2012-3466

GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
gnomegnome-keyring
3.4.0
gnomegnome-keyring
3.4.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnome-keyring
bookworm
42.1-1
fixed
bullseye
3.36.0-1
fixed
sid
46.2-1
fixed
squeeze
not-affected
trixie
46.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnome-keyring
hardy
ignored
lucid
not-affected
natty
not-affected
oneiric
not-affected
precise
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gnome-keyring
suse enterprise sap 12 SP5
3.20.0-28.3.18
fixed
suse enterprise server 12 SP2
3.20.0-27.2
fixed
suse enterprise server 12 SP3
3.20.0-27.2
fixed
suse enterprise server 12 SP4
3.20.0-28.3.18
fixed
suse enterprise server 12 SP5
3.20.0-28.3.18
fixed
gnome-keyring-32bit
suse enterprise sap 12 SP5
3.20.0-28.3.18
fixed
suse enterprise server 12 SP2
3.20.0-27.2
fixed
suse enterprise server 12 SP3
3.20.0-27.2
fixed
suse enterprise server 12 SP4
3.20.0-28.3.18
fixed
suse enterprise server 12 SP5
3.20.0-28.3.18
fixed
gnome-keyring-lang
suse enterprise sap 12 SP5
3.20.0-28.3.18
fixed
suse enterprise server 12 SP2
3.20.0-27.2
fixed
suse enterprise server 12 SP3
3.20.0-27.2
fixed
suse enterprise server 12 SP4
3.20.0-28.3.18
fixed
suse enterprise server 12 SP5
3.20.0-28.3.18
fixed
gnome-keyring-pam
suse enterprise sap 12 SP5
3.20.0-28.3.18
fixed
suse enterprise server 12 SP2
3.20.0-27.2
fixed
suse enterprise server 12 SP3
3.20.0-27.2
fixed
suse enterprise server 12 SP4
3.20.0-28.3.18
fixed
suse enterprise server 12 SP5
3.20.0-28.3.18
fixed
gnome-keyring-pam-32bit
suse enterprise sap 12 SP5
3.20.0-28.3.18
fixed
suse enterprise server 12 SP2
3.20.0-27.2
fixed
suse enterprise server 12 SP3
3.20.0-27.2
fixed
suse enterprise server 12 SP4
3.20.0-28.3.18
fixed
suse enterprise server 12 SP5
3.20.0-28.3.18
fixed
libgck-modules-gnome-keyring
suse enterprise sap 12 SP5
3.20.0-28.3.18
fixed
suse enterprise server 12 SP2
3.20.0-27.2
fixed
suse enterprise server 12 SP3
3.20.0-27.2
fixed
suse enterprise server 12 SP4
3.20.0-28.3.18
fixed
suse enterprise server 12 SP5
3.20.0-28.3.18
fixed
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683655
http://git.gnome.org/browse/gnome-keyring/commit/?id=51606f299e5ee9d48096db0a5957efe26cbf7cc3
http://git.gnome.org/browse/gnome-keyring/commit/?id=5dff623470b859e332dbe12afb0dc57b292832d2
http://lists.opensuse.org/opensuse-updates/2012-09/msg00037.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:084
http://www.openwall.com/lists/oss-security/2012/08/09/1
http://www.openwall.com/lists/oss-security/2012/08/09/2
https://bugzilla.gnome.org/show_bug.cgi?id=681081
https://bugzilla.redhat.com/show_bug.cgi?id=845426
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683655
http://git.gnome.org/browse/gnome-keyring/commit/?id=51606f299e5ee9d48096db0a5957efe26cbf7cc3
http://git.gnome.org/browse/gnome-keyring/commit/?id=5dff623470b859e332dbe12afb0dc57b292832d2
http://lists.opensuse.org/opensuse-updates/2012-09/msg00037.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:084
http://www.openwall.com/lists/oss-security/2012/08/09/1
http://www.openwall.com/lists/oss-security/2012/08/09/2
https://bugzilla.gnome.org/show_bug.cgi?id=681081
https://bugzilla.redhat.com/show_bug.cgi?id=845426