This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Suse
Product: Suse Linux Openexchange Server
Version: 4.0
Type: Application
First view: 2003-12-31
Last view: 2007-05-14
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:suse:suse_linux_openexchange_server

Activity : Overall

Related : CVE

  Date Alert Description
4.4 2007-05-14 CVE-2007-2654

xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.

6.4 2005-12-31 CVE-2005-4772

liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.

6.4 2003-12-31 CVE-2003-1538

susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI queries.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-362 Race Condition
50% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
60220 susehelp in SuSE CGI Query Shell Metacharacter Arbitrary Remote Command Execu...
36716 xfsdump xfs_fsr Symlink Arbitrary File Manipulation
19979 SuSE Linux YaST liby2util Package Repository Permission Weakness

OpenVAS Exploits

id Description
2009-04-09 Name : Mandriva Update for xfsdump MDKSA-2007:134 (xfsdump)
File : nvt/gb_mandriva_MDKSA_2007_134.nasl
2009-03-23 Name : Ubuntu Update for xfsdump vulnerability USN-516-1
File : nvt/gb_ubuntu_USN_516_1.nasl

Nessus® Vulnerability Scanner

id Description
2007-11-10 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-516-1.nasl - Type: ACT_GATHER_INFO
2007-06-27 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2007-134.nasl - Type: ACT_GATHER_INFO