In the past WebYAST was installed with world readable
secret tokens. Although these were modified on the start
of the webyast service and so could not be read from
remote, it was possible for local attackers on the same
machine to read the secrets and so gain local root access
via the webyast services. This has been fixed.
(CVE-2013-3709)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
WebYaST | 1.2 | noarch | webyast-base-ui-testsuite | < 0.2.64-0.3.1 | webyast-base-ui-testsuite-0.2.64-0.3.1.noarch.rpm |
WebYaST | 1.2 | noarch | webyast-base-ui-branding-default | < 0.2.64-0.3.1 | webyast-base-ui-branding-default-0.2.64-0.3.1.noarch.rpm |
WebYaST | 1.2 | noarch | webyast-base-ui | < 0.2.64-0.3.1 | webyast-base-ui-0.2.64-0.3.1.noarch.rpm |