Lucene search
HistoryJul 05, 2009 - 4:30 p.m.
CVE-2009-1648
yast2
ldap
yast2-ldap-server
suse linux enterprise server 11
firewall
remote attackers
network services
6.7 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.5%
The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services.
| CPE | Name | Operator | Version |
|---|---|---|---|
| suse:suse_linux | suse suse linux | eq | 11 |
Related
openvas
openvas
SLES11: Security update for YaST2 LDAP module
2009-10-11 00:00:00
SLES11: Security update for YaST2 LDAP module
2009-10-11 00:00:00
SUSE: Security Summary (SUSE-SR:2009:012)
2009-07-06 00:00:00
prion
prion
Code injection
2009-07-05 16:30:00
nessus
nessus
SuSE 11 Security Update : YaST2 LDAP module (SAT Patch Number 896)
2009-09-24 00:00:00
6.7 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.5%
Related for CVE-2009-1648