CVE-2012-2150

Published: Aug 25, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.

Affected (1)

Products: Sgi: Xfsprogs

Sgi

1 product

Xfsprogs

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sgi Xfsprogs	Up to 3.2.3

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (22)

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163690.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164180.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164189.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2015-08/msg00027.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2016-01/msg00007.html

Source: secalert@redhat.com

http://oss.sgi.com/pipermail/xfs/2015-July/042726.html

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2015/07/23/12

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2015/07/30/3

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/76013

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=817696

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163690.html