openSUSE Security Update : aaa_base (openSUSE-SU-2011:0207-1)

shell meta characters in file names could cause interactive shells to execute arbitrary commands when performing tab expansion CVE-2011-0468. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

CVE-2013-3713

The image creation configuration in aaabase before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensitive information and possibly have other unspecified impacts, as demonstrated by reading /etc/shadow...

CVE-2013-3713

The CVE-2013-3713 issue affects openSUSE 13.1 KDE with aaa_base prior to 16.26.1. The image creation configuration erroneously adds the root user to the 'users' group when installing from a Live image, enabling local users to read sensitive files such as /etc/shadow and potentially other impacts....

SuSE 11.1 Security Update : aaa_base (SAT Patch Number 3910)

The following bug has been fixed : - The boot.localfs init script wrote a file to /dev/shm during shut-down. Since local users may create symlinks there a malicious user could cause corruption of arbitrary files. CVE-2011-0461 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...

openSUSE Security Update : aaa_base (openSUSE-SU-2011:0171-1)

The boot.localfs init script wrote a file to /dev/shm during shut-down. Since local users may create symlinks there a malicious user could cause corruption of arbitrary files CVE-2011-0461. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

CVE-2011-0468

The aaabase package before 11.3-8.9.1 in SUSE openSUSE 11.3, and before 11.4-54.62.1 in openSUSE 11.4, allows local users to gain privileges via shell metacharacters in a filename, related to tab expansion...

Code injection

The aaabase package before 11.3-8.9.1 in SUSE openSUSE 11.3, and before 11.4-54.62.1 in openSUSE 11.4, allows local users to gain privileges via shell metacharacters in a filename, related to tab expansion...

CVE-2011-0468

The CVE-2011-0468 entry concerns the openSUSE SUSE aaa_base package. Affected products include openSUSE 11.3 (before 11.3-8.9.1) and openSUSE 11.4 (before 11.4-54.62.1). The vulnerability allows local users to escalate privileges via shell metacharacters in a filename, related to tab expansion wi...

CVE-2011-0468

The aaabase package before 11.3-8.9.1 in SUSE openSUSE 11.3, and before 11.4-54.62.1 in openSUSE 11.4, allows local users to gain privileges via shell metacharacters in a filename, related to tab expansion...

CVE-2011-0461

CVE-2011-0461 affects the openSUSE/SUSE package aaa_base. The flaw is in /etc/init.d/boot.localfs and allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab. Affected products/versions are aaa_base in SUSE/OpenSUSE 11.2 prior to 11.2-43.48.1 and in OpenSUSE 11.3 pri...

SLES9: Security update for aaa_base

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: aaabase More details may also be found by searching for keyword 5013113 within the SuSE Enterprise Server 9 patch database at...

SLES9: Security update for aaa_base

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: aaabase More details may also be found by searching for keyword 5013113 within the SuSE Enterprise Server 9 patch database linked in the references...

CVE-2000-0433

The SuSE aaabase package installs some system accounts with home directories set to /tmp, which allows local users to gain privileges to those accounts by creating standard user startup scripts such as profiles...

CVE-2000-0433

CVE-2000-0433 affects the SuSE aaa_base package. The description states that it installs some system accounts with home directories set to /tmp, enabling local users to gain privileges by creating standard user startup scripts such as profiles. The CVSSv2 vector (LOCAL, LOW complexity, NONE authe...

Security Announcement - aaa_base

SuSE Security Announcement Package: aaabase 2000.1.3 Date: Sat, 29 Apr 2000 14:03:28 GMT Affected SuSE versions: all Vulnerability Type: remove any local files executing attacker supplied commands as non-root SuSE default package: yes Other affected systems: unknown A security hole was discovered...

aaa_base not vulnerable

...

CVE-2000-0293

aaabase in SuSE Linux 6.3, and cron.daily in earlier versions, allow local users to delete arbitrary files by creating files whose names include spaces, which are then incorrectly interpreted by aaabase when it deletes expired files from the /tmp directory...

CVE-2000-0293

CVE-2000-0293 affects SuSE Linux 6.3 (and cron.daily in earlier versions). The issue arises in file deletion logic: local users can cause arbitrary files to be deleted by creating files whose names include spaces, which are then misinterpreted by aaa_base when it deletes expired files from /tmp. ...