Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3466

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2012-3466
Last Modified 05 Dec 2013 12:15:46
Published 22 Oct 2012 07:55:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3466

Summary

GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors.

Vulnerable Systems

Application

  • Gnome-keyring 3.4.0

  • Gnome-keyring 3.4.1


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=845426

CONFIRM - https://bugzilla.gnome.org/show_bug.cgi?id=681081

MLIST - [oss-security] 20120808 Re: CVE Request: gnome-keyring: improper caching of gpg password/passphrase

MLIST - [oss-security] 20120809 CVE Request: gnome-keyring: improper caching of gpg password/passphrase

SUSE - openSUSE-SU-2012:1121

CONFIRM - http://git.gnome.org/browse/gnome-keyring/commit/?id=5dff623470b859e332dbe12afb0dc57b292832d2

CONFIRM - http://git.gnome.org/browse/gnome-keyring/commit/?id=51606f299e5ee9d48096db0a5957efe26cbf7cc3

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683655

MANDRIVA - MDVSA-2013:084


Last Updated: 27 May 2016 10:51:46