90 matches found
CVE-2018-19636
Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges...
CVE-2018-19637
Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supplog, allowing local attackers to overwrite files on systems without symlink protection...
Command injection
Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges...
CVE-2018-19638
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files...
CVE-2018-19639
If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing e.g. with CVE-2018-19638 he can execute arbitrary commands as root...
CVE-2018-19636
CVE-2018-19636 affects the openSUSE/SUSE supportutils package (and related hostinfo updates) prior to version 3.1-5.7.1. The vulnerability is a local root exploit via inclusion of an attacker-controlled shell script, executed with root privileges when supportutils is run (specifically under the d...
CVE-2018-19636 Local root exploit via inclusion of attacker controlled shell script
Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges...
CVE-2018-19639 Code execution if run with command line switch -v
If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing e.g. with CVE-2018-19638 he can execute arbitrary commands as root...
CVE-2018-19640
CVE-2018-19640 affects openSUSE/SUSE hostinfo and supportutils in versions before 3.1-5.7.1. The issue allows an attacker who can create files in the log-collection directory to kill arbitrary processes on the local machine. Root cause cited: manipulation of the log direc...
CVE-2018-19638 User can overwrite arbitrary log files in support tar
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files...
CVE-2018-19639
CVE-2018-19639 affects supportutils before 3.1-5.7.1; when run with -v to verify RPMs, an attacker who can manipulate the RPM listing could execute arbitrary commands as root. openSUSE/SUSE advisories (openSUSE-2019-1351, SUSE-SU-2019:13976-1) state this vulnerability is fixed in the respective s...
CVE-2018-19638
CVE-2018-19638 affects supportutils prior to 3.1-5.7.1: an unprivileged user could overwrite arbitrary files in the log-collection directory when pacemaker is installed. openSUSE/SUSE advisories (openSUSE-2019-1351) fix this by upgrading supportutils to 3.1.17-2.2 (and related updates for hostinf...
CVE-2018-19637
CVE-2018-19637 affects supportutils prior to 3.1-5.7.1, where a static temporary file in /tmp/supp_log could be overwritten by local attackers due to insufficient symlink protection. Connected advisories confirm this issue is among a set of fixes in openSUSE/SUSE security updates (e.g., openSUSE-...
CVE-2018-19640 Code execution if run with command line switch -v
If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 e.g. with CVE-2018-19638 he can kill arbitrary processes on the local machine...
CVE-2018-19637 Static temporary filename allows overwriting of files
Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supplog, allowing local attackers to overwrite files on systems without symlink protection...
Security update for supportutils (important)
openSUSE Security Update: Security update for supportutils Announcement ID: openSUSE-SU-2019:0293-1 Rating: important References: 1043311 1046681 1051797 1071545 1105849 1112461 1115245 1117776 1118460 1118462 1118463 1125609 1125666 Cross-References: CVE-2018-19637 CVE-2018-19638 CVE-2018-19639...
SUSE Supportutils Backlink Vulnerability
SUSE Supportutils is a collection of utility programs used in SUSE Linux systems from SUSE Germany. The product has the ability to collect system troubleshooting information, read and interpret the basic-health-check.txt file, and perform a brief analysis of the kernel core files. A backlink...
SUSE Supportutils Backlink Vulnerability (CNVD-2019-39167)
SUSE Supportutils is a collection of utility programs used in SUSE Linux systems from SUSE Germany. The product has the ability to collect system troubleshooting information, read and interpret the basic-health-check.txt file, and perform a brief analysis of the kernel core files. A backlink...
SUSE Supportutils Command Injection Vulnerability
SUSE Supportutils is a collection of utility programs used in SUSE Linux systems from SUSE Germany. The product has the ability to collect system troubleshooting information, read and interpret the basic-health-check.txt file, and perform a brief analysis of the kernel core files. A command...
SUSE Supportutils Input Validation Error Vulnerability
SUSE Supportutils is a collection of utility programs used in SUSE Linux systems from SUSE Germany. The product has the ability to collect system troubleshooting information, read and interpret the basic-health-check.txt file, and perform a brief analysis of the kernel core files. An input...