CVE-2012-3466 - OpenCVE

GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Gnome	Gnome-keyring

Configuration 1 [-]

OR	cpe:2.3:a:gnome:gnome-keyring:3.4.0:::::::*
	cpe:2.3:a:gnome:gnome-keyring:3.4.1:::::::*

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683655
http://git.gnome.org/browse/gnome-keyring/commit/?id=51606f299e5ee9d48096db0a5957efe26cbf7cc3
http://git.gnome.org/browse/gnome-keyring/commit/?id=5dff623470b859e332dbe12afb0dc57b292832d2	Patch
http://lists.opensuse.org/opensuse-updates/2012-09/msg00037.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:084
http://www.openwall.com/lists/oss-security/2012/08/09/1
http://www.openwall.com/lists/oss-security/2012/08/09/2
https://bugzilla.gnome.org/show_bug.cgi?id=681081	Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=845426

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-10-22T23:00:00

Updated: 2013-12-02T13:57:00

Reserved: 2012-06-14T00:00:00

Link: CVE-2012-3466

JSON object: View

NVD Information

Status : Modified

Published: 2012-10-22T23:55:06.057

Modified: 2013-12-05T05:15:46.690

Link: CVE-2012-3466

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-08-02T00:00:00", "descriptions": [{"lang": "en", "value": "GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to \"idle\" or \"timeout,\" does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-12-02T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20120808 Re: CVE Request: gnome-keyring: improper caching of gpg password/passphrase", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/08/09/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.gnome.org/browse/gnome-keyring/commit/?id=51606f299e5ee9d48096db0a5957efe26cbf7cc3"}, {"name": "[oss-security] 20120809 CVE Request: gnome-keyring: improper caching of gpg password/passphrase", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/08/09/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.gnome.org/browse/gnome-keyring/commit/?id=5dff623470b859e332dbe12afb0dc57b292832d2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=681081"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683655"}, {"name": "openSUSE-SU-2012:1121", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00037.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=845426"}, {"name": "MDVSA-2013:084", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:084"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-3466", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to \"idle\" or \"timeout,\" does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20120808 Re: CVE Request: gnome-keyring: improper caching of gpg password/passphrase", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/08/09/2"}, {"name": "http://git.gnome.org/browse/gnome-keyring/commit/?id=51606f299e5ee9d48096db0a5957efe26cbf7cc3", "refsource": "CONFIRM", "url": "http://git.gnome.org/browse/gnome-keyring/commit/?id=51606f299e5ee9d48096db0a5957efe26cbf7cc3"}, {"name": "[oss-security] 20120809 CVE Request: gnome-keyring: improper caching of gpg password/passphrase", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/08/09/1"}, {"name": "http://git.gnome.org/browse/gnome-keyring/commit/?id=5dff623470b859e332dbe12afb0dc57b292832d2", "refsource": "CONFIRM", "url": "http://git.gnome.org/browse/gnome-keyring/commit/?id=5dff623470b859e332dbe12afb0dc57b292832d2"}, {"name": "https://bugzilla.gnome.org/show_bug.cgi?id=681081", "refsource": "CONFIRM", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=681081"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683655", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683655"}, {"name": "openSUSE-SU-2012:1121", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00037.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=845426", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=845426"}, {"name": "MDVSA-2013:084", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:084"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3466", "datePublished": "2012-10-22T23:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2013-12-02T13:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:gnome-keyring:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DF68164-EEEE-4499-AEF5-F8FE449F47A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:gnome-keyring:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D0D7C15C-901D-432C-A233-349DBCC40816", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to \"idle\" or \"timeout,\" does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors."}, {"lang": "es", "value": "GNOME gnome-keyring v3.4.0 hasta v3.4.1, cuando gpg-cache-method se establece en \"idle\" o \"timeout\", no limita correctamente la cantidad de tiempo que una contrase\u00f1a se almacena en cach\u00e9, lo que permite a los atacantes tener un impacto no especificado a trav\u00e9s de vectores de ataque desconocidos."}], "id": "CVE-2012-3466", "lastModified": "2013-12-05T05:15:46.690", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-10-22T23:55:06.057", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683655"}, {"source": "secalert@redhat.com", "url": "http://git.gnome.org/browse/gnome-keyring/commit/?id=51606f299e5ee9d48096db0a5957efe26cbf7cc3"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://git.gnome.org/browse/gnome-keyring/commit/?id=5dff623470b859e332dbe12afb0dc57b292832d2"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00037.html"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:084"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/08/09/1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/08/09/2"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=681081"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=845426"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}