CVE-2013-3710 - Vulnerability Details - OpenCVE

SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Novell	Suse Lifecycle Management Server

Configuration 1 [-]

OR	cpe:2.3:a:novell:suse_lifecycle_management_server::::::::
	cpe:2.3:a:novell:suse_lifecycle_management_server:1.0:::::::*
	cpe:2.3:a:novell:suse_lifecycle_management_server:1.1:::::::*
	cpe:2.3:a:novell:suse_lifecycle_management_server:1.2:::::::*

No data.

References

Link	Providers
http://osvdb.org/100653
https://bugzilla.novell.com/show_bug.cgi?id=852101
https://www.suse.com/support/update/announcement/2013/suse-su-20131813-1.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-12-10T15:00:00

Updated: 2024-08-06T16:14:56.772Z

Reserved: 2013-05-30T00:00:00

Link: CVE-2013-3710

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-12-10T16:55:25.447

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-3710

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-25T00:00:00", "descriptions": [{"lang": "en", "value": "SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-12-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SUSE-SU-2013:1813", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131813-1.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=852101"}, {"name": "100653", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/100653"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3710", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SU-2013:1813", "refsource": "SUSE", "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131813-1.html"}, {"name": "https://bugzilla.novell.com/show_bug.cgi?id=852101", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=852101"}, {"name": "100653", "refsource": "OSVDB", "url": "http://osvdb.org/100653"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:14:56.772Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SU-2013:1813", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131813-1.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=852101"}, {"name": "100653", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/100653"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3710", "datePublished": "2013-12-10T15:00:00", "dateReserved": "2013-05-30T00:00:00", "dateUpdated": "2024-08-06T16:14:56.772Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:novell:suse_lifecycle_management_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DD3103B-FCA8-469E-A89E-3CEB06463828", "versionEndIncluding": "1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:suse_lifecycle_management_server:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8CB693F6-A69D-4551-915D-063334219958", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:suse_lifecycle_management_server:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F2A0B61-5099-4C89-8E5D-FC54B9353688", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:suse_lifecycle_management_server:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "03A962C0-24E8-46EB-94D0-A3C62F282864", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere."}, {"lang": "es", "value": "SUSE Lifecycle Management Server (SLMS) anteriores a 1.3.7 no genera una nueva clave secreta cuando el servicio arranca, lo que permite a atacantes remotos evadir mecanismos de proteccion criptogr\u00e1fica aprovechando el conocimiento de esta clave de una instalaci\u00f3n del producto en cualquier otro lugar."}], "id": "CVE-2013-3710", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-10T16:55:25.447", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/100653"}, {"source": "cve@mitre.org", "url": "https://bugzilla.novell.com/show_bug.cgi?id=852101"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131813-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/100653"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.novell.com/show_bug.cgi?id=852101"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131813-1.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}