Vulnerability Details : CVE-2010-2241
The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts.
Exploit prediction scoring system (EPSS) score for CVE-2010-2241
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2010-2241
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST |
CWE ids for CVE-2010-2241
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2241
- http://rhn.redhat.com/errata/RHSA-2010-0590.html
  RHSA-2010:0590 - Security Advisory - Red Hat Customer Portal
- https://bugzilla.redhat.com/show_bug.cgi?id=608032
  608032 – (CVE-2010-2241) CVE-2010-2241 redhat-ds: setup script insecure .inf file permissions
- http://www.securitytracker.com/id?1024281
  Red Hat Directory Server Weak File Permissions Lets Local Users Obtain Administrative Passwords - SecurityTracker
Products affected by CVE-2010-2241
- cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:directory_server:8.1:*:*:*:*:*:*:*