62 matches found
SUSE SLES11 Security Update : supportutils (SUSE-SU-2019:13976-1)
The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:13976-1 advisory. - Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker...
SUSE: Security Advisory (SUSE-SU-2019:13976-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:1514-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:1507-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:1122-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : hostinfo / supportutils (openSUSE-2019-1351)
This update for hostinfo, supportutils fixes the following issues: Security issues fixed for supportutils : - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes bsc1118463. - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files bsc1118460. -...
openSUSE: Security Advisory for hostinfo, supportutils (openSUSE-SU-2019:1351-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for hostinfo, supportutils (important)
openSUSE Security Update: Security update for hostinfo, supportutils Announcement ID: openSUSE-SU-2019:1351-1 Rating: important References: 1054979 1099498 1115245 1117751 1117776 1118460 1118462 1118463 1125623 1125666 Cross-References: CVE-2018-19636 CVE-2018-19637 CVE-2018-19638 CVE-2018-19639...
openSUSE Security Update : supportutils (openSUSE-2019-293)
This update for supportutils fixes the following issues : Security issues fixed : - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes bsc1118463. - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files bsc1118460. - CVE-2018-19639: Fixed a code...
openSUSE: Security Advisory for supportutils (openSUSE-SU-2019:0293-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Code injection
Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supplog, allowing local attackers to overwrite files on systems without symlink protection...
Code injection
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files...
Command injection
Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges...
Directory traversal
If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 e.g. with CVE-2018-19638 he can kill arbitrary processes on the local machine...
Command injection
If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing e.g. with CVE-2018-19638 he can execute arbitrary commands as root...
CVE-2018-19636
Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges...
CVE-2018-19637
Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supplog, allowing local attackers to overwrite files on systems without symlink protection...
CVE-2018-19638
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files...
CVE-2018-19639
If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing e.g. with CVE-2018-19638 he can execute arbitrary commands as root...
CVE-2018-19636
Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges...