Lucene search
SuseSUSE-SU-2014:0022-1HistoryJan 06, 2014 - 4:04 p.m.
Security update for WebYaST (important)
2014-01-0616:04:13
lists.opensuse.org
12
EPSS
0.001
Percentile
16.0%
In the past WebYAST was installed with world readable
secret tokens. Although these were modified on the start
of the webyast service and so could not be read from
remote, it was possible for local attackers on the same
machine to read the secrets and so gain local root access
via the webyast services. This has been fixed.
(CVE-2013-3709)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| WebYaST | 1.2 | noarch | webyast-base-ui-testsuite | < 0.2.64-0.3.1 | webyast-base-ui-testsuite-0.2.64-0.3.1.noarch.rpm |
| WebYaST | 1.2 | noarch | webyast-base-ui-branding-default | < 0.2.64-0.3.1 | webyast-base-ui-branding-default-0.2.64-0.3.1.noarch.rpm |
| WebYaST | 1.2 | noarch | webyast-base-ui | < 0.2.64-0.3.1 | webyast-base-ui-0.2.64-0.3.1.noarch.rpm |
Related
nessus
nessus
openSUSE Security Update : webyast (openSUSE-SU-2013:1954-1)
2014-06-13 00:00:00
openSUSE Security Update : webyast (openSUSE-SU-2013:1952-1)
2014-06-13 00:00:00
openSUSE Security Update : webyast (openSUSE-SU-2013:1961-1)
2014-06-13 00:00:00
suse
suse
Fixes a local vulnerability (important)
2013-12-25 18:04:15
Fixes a local vulnerability (important)
2013-12-25 18:08:23
Security update for webyast (important)
2013-12-16 19:04:14
cvelist
cvelist
CVE-2013-3709
2013-12-23 23:00:00
openvas
openvas
SuSE Update for Fixes openSUSE-SU-2013:1961-1 (Fixes)
2013-12-30 00:00:00
openSUSE: Security Advisory for Fixes (openSUSE-SU-2013:1961-1)
2013-12-30 00:00:00
SuSE Update for Fixes openSUSE-SU-2013:1952-1 (Fixes)
2013-12-30 00:00:00
cve
cve
CVE-2013-3709
2013-12-23 23:55:04
prion
prion
Design/Logic Flaw
2013-12-23 23:55:00
nvd
nvd
CVE-2013-3709
2013-12-23 23:55:04