This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Suse First view 2006-12-20
Product Suse Open Enterprise Server Last view 2007-05-14
Version 9 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:suse:suse_open_enterprise_server

Activity : Overall

Related : CVE

  Date Alert Description
4.4 2007-05-14 CVE-2007-2654

xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.

4.1 2006-12-20 CVE-2006-6662

Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under unspecified conditions, allows local users to log in to the console without a password.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-362 Race Condition
50% (1) CWE-264 Permissions, Privileges, and Access Controls

Open Source Vulnerability Database (OSVDB)

id Description
36716 xfsdump xfs_fsr Symlink Arbitrary File Manipulation
35231 Linux User Management (novell-lum) on SUSE Linux Local Privilege Escalation

OpenVAS Exploits

id Description
2009-04-09 Name : Mandriva Update for xfsdump MDKSA-2007:134 (xfsdump)
File : nvt/gb_mandriva_MDKSA_2007_134.nasl
2009-03-23 Name : Ubuntu Update for xfsdump vulnerability USN-516-1
File : nvt/gb_ubuntu_USN_516_1.nasl

Nessus® Vulnerability Scanner

id Description
2007-11-10 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-516-1.nasl - Type: ACT_GATHER_INFO
2007-06-27 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2007-134.nasl - Type: ACT_GATHER_INFO