CVE-2010-3282 - OpenCVE

389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Hp	Hp-ux Directory Server
Redhat	Directory Server Redhat Directory Server
Fedoraproject	389 Directory Server

Configuration 1 [-]

cpe:2.3:a:hp:hp-ux_directory_server:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:redhat:redhat_directory_server:*:*:*:*:*:hp-ux:*:*

Configuration 3 [-]

cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:*

References

Link	Resource
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6914	Not Applicable
https://bugzilla.redhat.com/show_bug.cgi?id=625950	Issue Tracking Third Party Advisory
https://git.fedorahosted.org/cgit/389/ds.git/commit/?id=d38ae06	Product
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02522633&docLocale=en_US	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hp

Published: 2020-01-09T20:52:18

Updated: 2020-01-09T20:52:18

Reserved: 2010-09-13T00:00:00

Link: CVE-2010-3282

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-09T21:15:10.810

Modified: 2020-01-29T15:27:59.437

Link: CVE-2010-3282

JSON object: View

Redhat Information

No data.

CWE

CWE-312

{"containers": {"cna": {"affected": [{"product": "389 Directory Server", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "before 1.2.7.1"}]}, {"product": "HP-UX Directory Server", "vendor": "HP", "versions": [{"status": "affected", "version": "before B.08.10.03"}]}], "datePublic": "2010-09-22T00:00:00", "descriptions": [{"lang": "en", "value": "389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log."}], "problemTypes": [{"descriptions": [{"description": "Path Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-09T20:52:18", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp"}, "references": [{"name": "oval:org.mitre.oval:def:6914", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6914"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625950"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.fedorahosted.org/cgit/389/ds.git/commit/?id=d38ae06"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02522633&docLocale=en_US"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2010-3282", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "389 Directory Server", "version": {"version_data": [{"version_value": "before 1.2.7.1"}]}}]}, "vendor_name": "Red Hat"}, {"product": {"product_data": [{"product_name": "HP-UX Directory Server", "version": {"version_data": [{"version_value": "before B.08.10.03"}]}}]}, "vendor_name": "HP"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Path Disclosure"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:6914", "refsource": "OVAL", "url": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6914"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=625950", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625950"}, {"name": "https://git.fedorahosted.org/cgit/389/ds.git/commit/?id=d38ae06", "refsource": "CONFIRM", "url": "https://git.fedorahosted.org/cgit/389/ds.git/commit/?id=d38ae06"}, {"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02522633&docLocale=en_US", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02522633&docLocale=en_US"}]}}}}, "cveMetadata": {"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2010-3282", "datePublished": "2020-01-09T20:52:18", "dateReserved": "2010-09-13T00:00:00", "dateUpdated": "2020-01-09T20:52:18", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:hp-ux_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F804818-D589-41B4-B3B0-5F7D522FE7DF", "versionEndExcluding": "b.08.10.03", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:redhat_directory_server:*:*:*:*:*:hp-ux:*:*", "matchCriteriaId": "2513BFA8-9F43-4102-8C65-522955FB8821", "versionEndExcluding": "b.08.00.02", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "84F57181-500B-47A6-A4E1-827BF398913D", "versionEndExcluding": "1.2.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E190C97-A279-4EEE-B9C4-1EA888920F80", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log."}, {"lang": "es", "value": "389 Directory Server versiones anteriores a 1.2.7.1 (tambi\u00e9n se conoce como Red Hat Directory Server versi\u00f3n 8.2) y HP-UX Directory Server versiones anteriores a B.08.10.03, cuando el registro de auditor\u00eda est\u00e1 habilitado, registra la contrase\u00f1a de Directory Manager (nsslapd-rootpw) en texto sin cifrar cuando se cambia cn=config:nsslapd-rootpw, que podr\u00eda permitir a usuarios locales obtener informaci\u00f3n confidencial mediante la lectura del registro."}], "id": "CVE-2010-3282", "lastModified": "2020-01-29T15:27:59.437", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-09T21:15:10.810", "references": [{"source": "hp-security-alert@hp.com", "tags": ["Not Applicable"], "url": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6914"}, {"source": "hp-security-alert@hp.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625950"}, {"source": "hp-security-alert@hp.com", "tags": ["Product"], "url": "https://git.fedorahosted.org/cgit/389/ds.git/commit/?id=d38ae06"}, {"source": "hp-security-alert@hp.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02522633&docLocale=en_US"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}