SUSE CVE-2008-2388

Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have unspecified impact and attack vectors. NOTE: the vendor states that these "can be considered no security problem."...

opensuse-updater符号链接本地信息泄漏漏洞

BUGTRAQ ID: 29608 CVE ID：CVE-2008-2389 CNCVE ID:CNCVE-20082389 opensuse-updater是一款类似apt-get的软件包更新实现。 opensuse-updater处理符号链接存在问题，本地攻击者可以利用漏洞获得敏感信息。 目前没有详细漏洞细节提供。 S.u.S.E. opensuse-updater 0 S.u.S.E. openSUSE 10.2 SUSE-SR:2008:012已经修正此漏洞：...

CVE-2008-2388

Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have unspecified impact and attack vectors. NOTE: the vendor states that these "can be considered no security problem."...

Code injection

Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have unspecified impact and attack vectors. NOTE: the vendor states that these "can be considered no security problem."...

CVE-2008-2389

opensuse-updater in openSUSE 10.2 allows local users to access arbitrary files via a symlink attack...

CVE-2008-2388

CVE-2008-2388 affects opensuse-updater in openSUSE 10.2. The vulnerability is described as multiple off-by-one errors in the updater component, with the impact and attack vectors stated as unspecified. The vendor notes these “can be considered no security problem,” and no concrete exploitation de...

CVE-2008-2389

CVE-2008-2389 affects opensuse-updater in openSUSE 10.2. Local users can access arbitrary files via a symlink attack due to improper handling of symbolic links in the updater. The issue is publicly documented across multiple feeds; SUSE fixed it in SUSE-SR:2008:012 (security advisory).

openSUSE 10 Security Update : opensuse-updater (opensuse-updater-5262)

This update fixes a symlink problem and two off-by-one vulnerabilities. The overflows can be considered no security problem but the symlink flaw could be used by local users to gain unauthorized access to information like passwords. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...