Summary
Detail | |||
---|---|---|---|
Vendor | Novell | First view | 2005-10-27 |
Product | Suse Linux | Last view | 2015-04-16 |
Version | 12 | Type | |
Update | |||
Edition | server | ||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
3.5 | 2015-04-16 | CVE-2015-2567 | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. |
2.8 | 2015-04-16 | CVE-2015-2566 | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML. |
7.8 | 2013-07-29 | CVE-2013-4854 | The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. |
4.4 | 2011-04-18 | CVE-2011-0988 | pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors. |
10 | 2011-01-12 | CVE-2010-3912 | The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors. |
7.2 | 2010-10-12 | CVE-2010-3110 | Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors. |
5 | 2010-09-03 | CVE-2010-1507 | WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key. |
4.4 | 2009-10-23 | CVE-2009-1297 | iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name. |
4.6 | 2007-08-20 | CVE-2007-4432 | Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables. |
2.1 | 2007-08-17 | CVE-2007-4394 | Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors. |
7.5 | 2007-03-06 | CVE-2007-1285 | The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. |
10 | 2007-01-23 | CVE-2007-0460 | Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations." |
5 | 2006-02-23 | CVE-2006-0803 | The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used. |
2.1 | 2005-12-31 | CVE-2005-4791 | Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee. |
6.9 | 2005-12-31 | CVE-2005-4790 | Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions. |
4.6 | 2005-10-27 | CVE-2005-3321 | chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
28% (2) | CWE-255 | Credentials Management |
28% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
14% (1) | CWE-674 | Uncontrolled Recursion |
14% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
14% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-21 | Exploitation of Session Variables, Resource IDs and other Trusted Credentials |
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
CAPEC-82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi... |
CAPEC-99 | XML Parser Attack |
CAPEC-167 | Lifting Sensitive Data from the Client |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:17764 | USN-560-1 -- tomboy vulnerability |
oval:org.mitre.oval:def:11017 | The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote ... |
oval:org.mitre.oval:def:20950 | USN-1235-1 -- open-iscsi vulnerability |
oval:org.mitre.oval:def:21228 | RHSA-2013:1114: bind security update (Important) |
oval:org.mitre.oval:def:20276 | RHSA-2013:1115: bind97 security update (Important) |
oval:org.mitre.oval:def:19561 | HP-UX Running BIND, Remote Denial of Service (DoS) |
oval:org.mitre.oval:def:18633 | DSA-2728-1 bind9 - denial of service |
oval:org.mitre.oval:def:18438 | USN-1910-1 -- bind9 vulnerability |
oval:org.mitre.oval:def:23869 | ELSA-2013:1114: bind security update (Important) |
oval:org.mitre.oval:def:22902 | ELSA-2013:1115: bind97 security update (Important) |
oval:org.mitre.oval:def:25076 | SUSE-SU-2013:1310-1 -- Security update for bind |
oval:org.mitre.oval:def:27514 | DEPRECATED: ELSA-2013-1114 -- bind security update (important) |
oval:org.mitre.oval:def:27039 | DEPRECATED: ELSA-2013-1115 -- bind97 security update (important) |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
74998 | pure-ftpd for SUSE Linux Enterprise Server OES pure-ftpd Netware Extensions W... |
70405 | supportutils supportconfig on SUSE Configuration File Undisguised Passwords U... |
67915 | openSUSE Novell Client novfs /proc Interface Multiple Unspecified Overflow |
67845 | SUSE Linux Enterprise yast2-webclient WebYaST Appliance Fixed Secret Key Sess... |
59271 | open-iscsi iscsi_discovery in SUSE Unspecified Temporary File Symlink Arbitra... |
46784 | SUSE Linux zen-remover Wrapper Script Search Path Subversion Local Privilege ... |
46783 | SUSE Linux zen-installer Wrapper Script Search Path Subversion Local Privileg... |
46782 | SUSE Linux zen-updater Wrapper Script Search Path Subversion Local Privilege ... |
46781 | SUSE Linux rug Wrapper Script Search Path Subversion Local Privilege Escalation |
46404 | SUSE Linux findutils-locate Package core clean Cron Job Unspecified Arbitrary... |
39580 | SuSE Linux banshee LD_LIBRARY_PATH Variable Path Subversion Local Privilege E... |
39579 | Liferea LD_LIBRARY_PATH Variable Path Subversion Local Privilege Escalation |
39578 | SuSE Linux tomboy LD_LIBRARY_PATH Variable Path Subversion Local Privilege Es... |
39577 | SuSE Linux blam LD_LIBRARY_PATH Variable Path Subversion Local Privilege Esca... |
32939 | ulogd Multiple Unspecified Overflows |
32769 | PHP Zend Engine Variable Destruction Deep Recursion Overflow |
28025 | SuSE YaST YaST Online Update (YOU) Signature Verification Bypass |
20263 | SUSE Permissions Bypass chkstat Arbitrary File Access |
19982 | SuSE Linux beagle LD_LIBRARY_PATH Variable Path Subversion Local Privilege Es... |
OpenVAS Exploits
id | Description |
---|---|
2011-10-21 | Name : Ubuntu Update for open-iscsi USN-1235-1 File : nvt/gb_ubuntu_USN_1235_1.nasl |
2011-02-28 | Name : Mandriva Update for tomboy MDVSA-2011:035 (tomboy) File : nvt/gb_mandriva_MDVSA_2011_035.nasl |
2011-01-11 | Name : SuSE Update for kernel SUSE-SA:2010:039 File : nvt/gb_suse_2010_039.nasl |
2009-10-19 | Name : SuSE Security Summary SUSE-SR:2009:016 File : nvt/suse_sr_2009_016.nasl |
2009-10-13 | Name : SLES10: Security update for open-iscsi File : nvt/sles10_open-iscsi.nasl |
2009-10-11 | Name : SLES11: Security update for open-iscsi File : nvt/sles11_open-iscsi.nasl |
2009-10-10 | Name : SLES9: Security update for liby2util File : nvt/sles9p5016129.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5012110.nasl |
2009-04-09 | Name : Mandriva Update for tomboy MDVSA-2008:064 (tomboy) File : nvt/gb_mandriva_MDVSA_2008_064.nasl |
2009-04-09 | Name : Mandriva Update for php MDKSA-2007:090 (php) File : nvt/gb_mandriva_MDKSA_2007_090.nasl |
2009-04-09 | Name : Mandriva Update for php MDKSA-2007:089 (php) File : nvt/gb_mandriva_MDKSA_2007_089.nasl |
2009-03-23 | Name : Ubuntu Update for tomboy vulnerability USN-560-1 File : nvt/gb_ubuntu_USN_560_1.nasl |
2009-03-23 | Name : Ubuntu Update for php5 regression USN-549-2 File : nvt/gb_ubuntu_USN_549_2.nasl |
2009-03-23 | Name : Ubuntu Update for php5 vulnerabilities USN-549-1 File : nvt/gb_ubuntu_USN_549_1.nasl |
2009-02-27 | Name : Fedora Update for tomboy FEDORA-2007-3011 File : nvt/gb_fedora_2007_3011_tomboy_fc7.nasl |
2009-02-27 | Name : Fedora Update for tomboy FEDORA-2007-3253 File : nvt/gb_fedora_2007_3253_tomboy_fc8.nasl |
2009-02-27 | Name : Fedora Update for liferea FEDORA-2007-3701 File : nvt/gb_fedora_2007_3701_liferea_fc8.nasl |
2009-02-27 | Name : Fedora Update for liferea FEDORA-2007-3733 File : nvt/gb_fedora_2007_3733_liferea_fc7.nasl |
2009-02-27 | Name : Fedora Update for blam FEDORA-2007-3792 File : nvt/gb_fedora_2007_3792_blam_fc7.nasl |
2009-02-27 | Name : Fedora Update for blam FEDORA-2007-3798 File : nvt/gb_fedora_2007_3798_blam_fc8.nasl |
2009-02-27 | Name : Fedora Update for blam FEDORA-2007-3952 File : nvt/gb_fedora_2007_3952_blam_fc7.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-526 File : nvt/gb_fedora_2007_526_php_fc5.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-455 File : nvt/gb_fedora_2007_455_php_fc5.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-415 File : nvt/gb_fedora_2007_415_php_fc6.nasl |
2009-02-27 | Name : Fedora Update for blam FEDORA-2007-3962 File : nvt/gb_fedora_2007_3962_blam_fc8.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2013-A-0151 | ISC BIND 9 Remote Denial of Service Vulnerability Severity: Category I - VMSKEY: V0039823 |
Snort® IPS/IDS
Date | Description |
---|---|
2017-12-19 | ISC BIND 9 DNS rdata length handling remote denial of service attempt RuleID : 44879 - Type : SERVER-OTHER - Revision : 1 |
2014-01-10 | ISC BIND 9 DNS rdata length handling remote denial of service attempt RuleID : 27666 - Type : SERVER-OTHER - Revision : 3 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2017-04-21 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2017-0066.nasl - Type: ACT_GATHER_INFO |
2015-09-23 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201507-19.nasl - Type: ACT_GATHER_INFO |
2015-05-27 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-0946-1.nasl - Type: ACT_GATHER_INFO |
2015-04-15 | Name: The remote database server is affected by multiple denial of service vulnerab... File: mysql_5_6_24.nasl - Type: ACT_GATHER_INFO |
2015-04-15 | Name: The remote database server is affected by multiple denial of service vulnerab... File: mysql_5_6_23.nasl - Type: ACT_GATHER_INFO |
2014-12-26 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2014-0084.nasl - Type: ACT_GATHER_INFO |
2014-11-08 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2013-1181.nasl - Type: ACT_GATHER_INFO |
2014-10-21 | Name: The remote host is missing a security update for OS X Server. File: macosx_server_4_0.nasl - Type: ACT_GATHER_INFO |
2014-10-10 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL7859.nasl - Type: ACT_GATHER_INFO |
2014-10-10 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL14613.nasl - Type: ACT_GATHER_INFO |
2014-06-18 | Name: The remote host is affected by a denial of service vulnerability. File: mcafee_web_gateway_SB10052.nasl - Type: ACT_GATHER_INFO |
2014-06-18 | Name: The remote host is affected by a denial of service vulnerability. File: mcafee_firewall_enterprise_SB10052.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_Kernel-100824.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2013-654.nasl - Type: ACT_GATHER_INFO |
2014-01-30 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201401-34.nasl - Type: ACT_GATHER_INFO |
2014-01-27 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201401-28.nasl - Type: ACT_GATHER_INFO |
2013-10-01 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2013-214.nasl - Type: ACT_GATHER_INFO |
2013-08-08 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_bind-130805.nasl - Type: ACT_GATHER_INFO |
2013-08-07 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2013-218-01.nasl - Type: ACT_GATHER_INFO |
2013-08-05 | Name: The remote Fedora host is missing a security update. File: fedora_2013-13863.nasl - Type: ACT_GATHER_INFO |
2013-08-05 | Name: The remote Fedora host is missing a security update. File: fedora_2013-13831.nasl - Type: ACT_GATHER_INFO |
2013-07-31 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2013-1114.nasl - Type: ACT_GATHER_INFO |
2013-07-31 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2013-1115.nasl - Type: ACT_GATHER_INFO |
2013-07-31 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2013-1115.nasl - Type: ACT_GATHER_INFO |
2013-07-31 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20130730_bind_on_SL6_x.nasl - Type: ACT_GATHER_INFO |