CVE-2007-3200

NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://secure-support.novell.com/KanisaPlatform/Publishing/249/3260550_f.SAL_Public.html
http://www.securityfocus.com/bid/24405
http://securitytracker.com/id?1018215
http://secunia.com/advisories/25592	Vendor Advisory
http://osvdb.org/35943
http://www.vupen.com/english/advisories/2007/2118
https://exchange.xforce.ibmcloud.com/vulnerabilities/34806

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:novell:modular_authentication_service:*:*:*:*:*:*:*:*

Information

Published : 2007-06-12 16:30

Updated : 2017-07-28 18:32

NVD link : CVE-2007-3200

Mitre link : CVE-2007-3200

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

novell

modular_authentication_service

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/249/3260550_f.SAL_Public.html", "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/249/3260550_f.SAL_Public.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/24405", "name": "24405", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1018215", "name": "1018215", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/25592", "name": "25592", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/35943", "name": "35943", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/2118", "name": "ADV-2007-2118", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34806", "name": "novell-nmasinst-information-disclosure(34806)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-3200", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-06-12T23:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:novell:modular_authentication_service:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.1.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:32Z"}