[email protected]CVE-2012-2150

HistoryAug 25, 2015 - 5:59 p.m.

CVE-2012-2150

2015-08-2517:59:00

CWE-200

[email protected]

web.nvd.nist.gov

105

cve-2012-2150

xfs_metadump

xfsprogs

file data obfuscation

sensitive information disclosure

remote attackers

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.8 Medium

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.5%

JSON

xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.

Affected configurations

NVD

Node

sgixfsprogsRange≤3.2.3

CPENameOperatorVersion
sgi:xfsprogssgi xfsprogsle3.2.3

CPE	Name	Operator	Version
sgi:xfsprogs	sgi xfsprogs	le	3.2.3

References

lists.fedoraproject.org/pipermail/package-announce/2015-August/163690.html

lists.fedoraproject.org/pipermail/package-announce/2015-August/164180.html

lists.fedoraproject.org/pipermail/package-announce/2015-August/164189.html

lists.opensuse.org/opensuse-updates/2015-08/msg00027.html

lists.opensuse.org/opensuse-updates/2016-01/msg00007.html

oss.sgi.com/pipermail/xfs/2015-July/042726.html

www.openwall.com/lists/oss-security/2015/07/23/12

www.openwall.com/lists/oss-security/2015/07/30/3

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/76013

bugzilla.redhat.com/show_bug.cgi?id=817696

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.8 Medium

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.5%

JSON

Related for CVE-2012-2150

centos1 nessus14 ibm1 mageia1 openvas8 fedora3 ubuntucve1 amazon1 oraclelinux1 redhat1 debiancve1 prion1 cvelist1 nvd1