SUSE: Security Advisory (SUSE-SU-2020:14570-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:1507-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2019:1122-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the ndspath command implementation in the operating system support utilities package for SUSE Linux Supportutils allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the ndspath command in the operating system support utilities package for SUSE Linux Supportutils is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

The vulnerability of the operating system utility package OC SUSE Linux Supportutils lies in the lack of measures to neutralize special elements used in the operating system’s commands. This allows attackers to execute arbitrary commands.

The vulnerability of the operating system utility package for SUSE Linux Supportutils lies in the lack of measures taken to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability allows an attacker to execute arbitrary commands by controlling the rp...

The vulnerability of the operating system utility package for SUSE Linux Supportutils lies in insufficient validation of input data, allowing a hacker to trigger a service failure.

The vulnerability of the operating system support utility package for SUSE Linux Supportutils is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to trigger a service failure using the kill command...

The vulnerability of the operating system utility package OC SUSE Linux Supportutils lies in the incorrect handling of file access links, allowing attackers to overwrite arbitrary files.

The vulnerability of the operating system utility package for SUSE Linux Supportutils is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability could allow an attacker to re-write any files they desire...

The vulnerability of the Pacemaker resource manager in the operating system utility package for SUSE Linux Supportutils allows a hacker to re-record arbitrary files.

The vulnerability of the Pacemaker resource manager in the Oracle Enterprise Linux distribution is related to an incorrect definition of the link before accessing a file. Exploiting this vulnerability could allow an attacker to re-write any files they desire...

openSUSE Security Update : hostinfo / supportutils (openSUSE-2019-1351)

This update for hostinfo, supportutils fixes the following issues: Security issues fixed for supportutils : - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes bsc1118463. - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files bsc1118460. -...

openSUSE: Security Advisory for hostinfo, supportutils (openSUSE-SU-2019:1351-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for hostinfo, supportutils (important)

openSUSE Security Update: Security update for hostinfo, supportutils Announcement ID: openSUSE-SU-2019:1351-1 Rating: important References: 1054979 1099498 1115245 1117751 1117776 1118460 1118462 1118463 1125623 1125666 Cross-References: CVE-2018-19636 CVE-2018-19637 CVE-2018-19638 CVE-2018-19639...

SUSE-SU-2019:1122-1 Security update for hostinfo, supportutils

This update for hostinfo, supportutils fixes the following issues: Security issues fixed for supportutils: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes bsc1118463. - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files bsc1118460. -...

OPENSUSE-SU-2019:0293-1 Security update for supportutils

This update for supportutils fixes the following issues: Security issues fixed: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes bsc1118463. - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files bsc1118460. - CVE-2018-19639: Fixed a code...

SUSE Supportutils Input Validation Error Vulnerability (CNVD-2019-39164)

SUSE Supportutils is a collection of utility programs used in SUSE Linux systems from SUSE Germany. The product has the ability to collect system troubleshooting information, read and interpret the basic-health-check.txt file, and perform a brief analysis of the kernel core files. An input...

openSUSE Security Update : supportutils (openSUSE-2019-293)

This update for supportutils fixes the following issues : Security issues fixed : - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes bsc1118463. - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files bsc1118460. - CVE-2018-19639: Fixed a code...

openSUSE: Security Advisory for supportutils (openSUSE-SU-2019:0293-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2018-19636

Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges...

Command injection

If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing e.g. with CVE-2018-19638 he can execute arbitrary commands as root...

CVE-2018-19640

If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 e.g. with CVE-2018-19638 he can kill arbitrary processes on the local machine...

Code injection

Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supplog, allowing local attackers to overwrite files on systems without symlink protection...