Vulnerability Description
NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows local users to obtain passwords by reading the file.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dec | Dec Openvms Alpha | 7.3.2 |
Related Weaknesses (CWE)
References
- ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIECO03-V732.txt
- ftp://ftp.itrc.hp.com/openvms_patches/alpha/V8.2/AXP_DNVOSIECO02-V82.txt
- http://secunia.com/advisories/21705PatchVendor Advisory
- http://secunia.com/advisories/23632Vendor Advisory
- http://securitytracker.com/id?1016772
- http://securitytracker.com/id?1017472
- http://www.osvdb.org/28272
- http://www.securityfocus.com/bid/19783Patch
- http://www.vupen.com/english/advisories/2006/3423Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28695
- ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIECO03-V732.txt
- ftp://ftp.itrc.hp.com/openvms_patches/alpha/V8.2/AXP_DNVOSIECO02-V82.txt
- http://secunia.com/advisories/21705PatchVendor Advisory
- http://secunia.com/advisories/23632Vendor Advisory
- http://securitytracker.com/id?1016772
FAQ
What is CVE-2006-4537?
CVE-2006-4537 is a vulnerability with a CVSS score of 2.1 (LOW). NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows l...
How severe is CVE-2006-4537?
CVE-2006-4537 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4537?
Check the references section above for vendor advisories and patch information. Affected products include: Dec Dec Openvms Alpha.