CVE-2012-2150
xfsprogs: xfs_metadump information disclosure flaw
Public Exploits: 0
Exploited in Wild: -
Descriptions
xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.
Vulnerability in xfs_metadump in xfsprogs versions prior to 3.2.4: it does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.
It was discovered that the xfs_metadump tool of the xfsprogs suite did not fully adhere to the standards of obfuscation described in its man page. In case a user with the necessary privileges used xfs_metadump and relied on the advertised obfuscation, the generated data could contain unexpected traces of potentially sensitive information.
Timeline
- 2012-04-04 CVE Reserved
- 2015-08-25 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (12)
URL | Tag | Source |
---|---|---|
http://oss.sgi.com/pipermail/xfs/2015-July/042726.html | Mailing List | |
http://www.openwall.com/lists/oss-security/2015/07/23/12 | Mailing List | |
http://www.openwall.com/lists/oss-security/2015/07/30/3 | Mailing List | |
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/76013 | Vdb Entry | |