CVE-2012-3466

gnome-keyring 3.4.0-3.4.1 - Unspecified Impact via Passphrase Cache Mismanagement

Title source: llm

Description

GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors.

References (9)

Core 9

Core References

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/08/09/2

Patch x_refsource_confirm

http://git.gnome.org/browse/gnome-keyring/commit/?id=51606f299e5ee9d48096db0a5957efe26cbf7cc3

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/08/09/1

Patch x_refsource_confirm

http://git.gnome.org/browse/gnome-keyring/commit/?id=5dff623470b859e332dbe12afb0dc57b292832d2

Exploit x_refsource_confirm

https://bugzilla.gnome.org/show_bug.cgi?id=681081

Issue Tracking x_refsource_misc

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683655

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2012-09/msg00037.html

Issue Tracking x_refsource_misc

https://bugzilla.redhat.com/show_bug.cgi?id=845426

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2013:084

Scores

EPSS 0.0007

EPSS Percentile 20.6%

Details

CWE

CWE-264

Status published

Products (2)

gnome/gnome-keyring 3.4.0

gnome/gnome-keyring 3.4.1

Published Oct 22, 2012

Tracked Since Feb 18, 2026