This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Suse First view 2005-12-31
Product Suse Linux Standard Server Last view 2007-05-14
Version 8.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:suse:suse_linux_standard_server

Activity : Overall

Related : CVE

  Date Alert Description
4.4 2007-05-14 CVE-2007-2654

xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.

6.4 2005-12-31 CVE-2005-4772

liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-362 Race Condition

Open Source Vulnerability Database (OSVDB)

id Description
36716 xfsdump xfs_fsr Symlink Arbitrary File Manipulation
19979 SuSE Linux YaST liby2util Package Repository Permission Weakness

OpenVAS Exploits

id Description
2009-04-09 Name : Mandriva Update for xfsdump MDKSA-2007:134 (xfsdump)
File : nvt/gb_mandriva_MDKSA_2007_134.nasl
2009-03-23 Name : Ubuntu Update for xfsdump vulnerability USN-516-1
File : nvt/gb_ubuntu_USN_516_1.nasl

Nessus® Vulnerability Scanner

id Description
2007-11-10 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-516-1.nasl - Type: ACT_GATHER_INFO
2007-06-27 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2007-134.nasl - Type: ACT_GATHER_INFO