Lucene search
SuseSUSE-SA:2008:054HistoryNov 25, 2008 - 12:17 p.m.
local privilege escalation in yast2-backup
2008-11-2512:17:31
lists.opensuse.org
10
0.0004 Low
EPSS
Percentile
9.8%
Insufficient shell quoting in yast2-backup allowed local users to craft special file names that inject shell code into the backup process (CVE-2008-4636).
Solution
There is no known workaround, please install the update packages.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 11.0 | noarch | yast2-backup | < 2.16.6-0.1 | yast2-backup-2.16.6-0.1.noarch.rpm |
| openSUSE | 10.2 | noarch | yast2-backup | < 2.14.2-0.1 | yast2-backup-2.14.2-0.1.noarch.rpm |
| openSUSE | 10.3 | noarch | yast2-backup | < 2.15.7-0.1 | yast2-backup-2.15.7-0.1.noarch.rpm |
| SUSE Linux Enterprise Server | 10.2 | noarch | yast2-backup | < 2.13.6-0.1 | yast2-backup-2.13.6-0.1.noarch.rpm |
| Novell Open Enterprise Server (OES) | any | noarch | yast2-backup | < 2.9.22-0.1 | yast2-backup-2.9.22-0.1.noarch.rpm |
Related
cve
cve
CVE-2008-4636
2008-11-27 00:30:00
nessus
nessus
SuSE 10 Security Update : yast2-backup (ZYPP Patch Number 5760)
2009-09-24 00:00:00
SuSE9 Security Update : yast2-backup (YOU Patch Number 12279)
2009-09-24 00:00:00
SuSE 10 Security Update : yast2-backup (ZYPP Patch Number 5739)
2008-11-25 00:00:00
openvas
openvas
SuSE Update for yast2-backup SUSE-SA:2008:054
2009-01-23 00:00:00
SLES10: Security update for yast2-backup
2009-10-13 00:00:00
SLES9: Security update for yast2-backup
2009-10-10 00:00:00
cvelist
cvelist
CVE-2008-4636
2008-11-27 00:00:00
nvd
nvd
CVE-2008-4636
2008-11-27 00:30:00
prion
prion
Design/Logic Flaw
2008-11-27 00:30:00