CVE-2012-2150 – xfsprogs: xfs_metadump information disclosure flaw
https://notcve.org/view.php?id=CVE-2012-2150
xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image. Vulnerabilidad en xfs_metadump en xfsprogs en versiones anteriores a la 3.2.4, no ofusca apropiadamente los datos de archivo, lo cual permite a atacantes remotos obtener información sensible mediante la lectura de una imagen generada. It was discovered that the xfs_metadump tool of the xfsprogs suite did not fully adhere to the standards of obfuscation described in its man page. In case a user with the necessary privileges used xfs_metadump and relied on the advertised obfuscation, the generated data could contain unexpected traces of potentially sensitive information. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163690.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164180.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164189.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00027.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00007.html http://oss.sgi.com/pipermail/xfs/2015-July/042726.html http://www.openwall.com/lists/oss-security/2015/07/23/12 http:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •