
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2010-07-28


Apple Releases Safari 4.1.1 and 5.0.1 addressing several vulnerabilities. http://support.apple.com/kb/HT4276

Oracle announced GNOME Display Manager password disclosure weakness

Published: 2010-07-28
Last Updated: 2010-07-28 19:00:11 UTC
by donald smith (Version: 1)

According to this announcement:
http://secunia.com/advisories/40780/
"The problem is that passwords may in certain cases be logged to '/var/log/messages' while running GNOME Display Manager in debug mode (disabled by default)."

This was originally reported on 02-15-2009 here:
https://bugzilla.gnome.org/show_bug.cgi?id=571846
A patch was issued the same day. A "supported" patch was issued 05-14-2010.
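
A host check for the condition the advisory describes, written as an added example (it is not from the diary, Secunia or GNOME). It assumes GDM reads an INI-style file such as /etc/gdm/custom.conf where debug logging is turned on by `Enable=true` under `[debug]`; the log-permission check is an extra step for judging who could read anything that was logged, and the sample config is constructed.

```shell
#!/bin/sh
# Added example, not from the advisory or the diary.
# Assumption: GDM reads an INI-style file such as /etc/gdm/custom.conf in
# which debug logging is switched on by "Enable=true" under "[debug]".

# gdm_debug_enabled FILE: exit 0 if [debug] Enable is on, 1 otherwise.
gdm_debug_enabled() {
    [ -r "$1" ] || return 1
    awk '
        /^[ \t]*[#;]/ { next }                    # comment line
        /^[ \t]*\[/ {                             # section header
            s = tolower($0)
            sub(/^[ \t]*\[[ \t]*/, "", s); sub(/[ \t]*\].*$/, "", s)
            section = s; next
        }
        section == "debug" {
            kv = tolower($0); gsub(/[ \t\r]/, "", kv)
            if (kv ~ /^enable=/) { sub(/^enable=/, "", kv); val = kv }
        }
        # "1" is accepted as well as "true" so the check errs towards flagging.
        END { exit((val == "true" || val == "1") ? 0 : 1) }
    ' "$1"
}

# log_readable_by_others FILE: exit 0 if the "other" read bit is set.
log_readable_by_others() {
    [ -e "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# report CONF LOG: print one line per finding, return the finding count.
report() {
    n=0
    if gdm_debug_enabled "$1"; then
        echo "WARN: GDM debug logging enabled in $1"; n=$((n + 1))
    fi
    if log_readable_by_others "$2"; then
        echo "WARN: $2 is readable by all local users"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample config so the script runs offline.
demo=$(mktemp)
printf '[daemon]\nTimedLogin=false\n\n# Enable=true\n[debug]\nEnable = true\n' > "$demo"
report "$demo" /var/log/messages || echo "findings: $?"
rm -f "$demo"
```

On a real host, call `report` with the GDM configuration path your distribution uses in place of the constructed sample.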

The Secunia advisory did not have many details.
The Sun blog link provided did not have much information either:
http://blogs.sun.com/security/entry/cve_2010_2387_password_disclosure

The CVE is reserved and not available yet.
The rest of the information is apparently "in the Customer Area".

Does this mean we can count on a "no public disclosure" policy for Sun products now that Oracle owns them?






 
