This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Suse First view 1999-12-14
Product Suse Linux Last view 2008-09-22
Version * Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:suse:suse_linux

Activity : Overall

Related : CVE

  Date Alert Description
7.2 2008-09-22 CVE-2008-3949

emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.

7.2 2007-11-28 CVE-2007-6167

Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory.

4.6 2007-08-17 CVE-2007-4393

The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions.

10 2007-07-30 CVE-2007-4074

The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others.

10 2007-02-15 CVE-2007-0980

Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors.

10 2007-01-23 CVE-2007-0460

Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations."

4.6 2005-10-05 CVE-2005-3148

StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership.

2.1 2005-10-05 CVE-2005-3147

StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information.

2.1 2005-10-05 CVE-2005-3146

StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files.

1.2 2005-01-10 CVE-2004-1191

Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages."

7.2 2002-12-31 CVE-2002-2259

Buffer overflow in the French documentation patch for Gnuplot 3.7 in SuSE Linux before 8.0 allows local users to execute arbitrary code as root via unknown attack vectors.

7.2 2000-02-03 CVE-2000-0218

Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname.

2.1 1999-12-14 CVE-2000-0361

The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information.

CWE : Common Weakness Enumeration

%idName
40% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20% (1) CWE-264 Permissions, Privileges, and Access Controls
20% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
20% (1) CWE-16 Configuration

Open Source Vulnerability Database (OSVDB)

id Description
60139 Gnuplot French Documentation Patch Unspecified Local Overflow
49558 Emacs Python Path Handling Weakness Script Import Arbitrary Code Execution
46403 SUSE Linux orarun Script Oracle Account disk Group Privilege Escalation
44158 SuSE Linux yast2-core Search Path Subversion Arbitrary Code Execution
38622 CSTR Festival on Linux Unauthenticated Arbitrary Command Execution
33201 HP Serviceguard for Linux Unspecified Remote Access
32939 ulogd Multiple Unspecified Overflows
19737 storeBackup Backup root Directory Permission Weakness
19736 storeBackup storeBackup.pl Symlink Arbitrary File Overwrite
19177 storebackup storeBackupRecover.pl Unspecified Symlink Ownership Issue
19176 storebackup storeBackup.pl Unspecified Symlink Issue
19175 storebackup storeBackup.pl Unspecified Symlink Ownership Issue
11985 Linux Kernel smb Filesystem smb_receive_trans2 Arbitrary Memory Disclosure
11983 Linux Kernel smb Filesystem smb_receive_trans2 Overflow
7693 wvdial PPP wvdial.lxdialog .config Login Credential Disclosure
7004 Linux umount Long Relative Path Overflow
6980 Linux mount Long Relative Path Overflow

OpenVAS Exploits

id Description
2009-10-13 Name : SLES10: Security update for festival
File : nvt/sles10_festival.nasl
2009-04-09 Name : Mandriva Update for emacs MDVSA-2008:216 (emacs)
File : nvt/gb_mandriva_MDVSA_2008_216.nasl
2009-03-02 Name : Gentoo Security Advisory GLSA 200902-06 (emacs edit-utils)
File : nvt/glsa_200902_06.nasl
2008-11-19 Name : FreeBSD Ports: emacs
File : nvt/freebsd_emacs.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200703-17 (ulogd)
File : nvt/glsa_200703_17.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200707-10 (festival)
File : nvt/glsa_200707_10.nasl
2008-01-17 Name : Debian Security Advisory DSA 1022-1 (storebackup)
File : nvt/deb_1022_1.nasl

Nessus® Vulnerability Scanner

id Description
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_emacs-080912.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-216.nasl - Type: ACT_GATHER_INFO
2009-02-24 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200902-06.nasl - Type: ACT_GATHER_INFO
2008-11-11 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_66657bd5ac9211ddb541001f3b19d541.nasl - Type: ACT_GATHER_INFO
2008-09-16 Name: The remote openSUSE host is missing a security update.
File: suse_emacs-5597.nasl - Type: ACT_GATHER_INFO
2007-12-13 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_festival-4378.nasl - Type: ACT_GATHER_INFO
2007-10-19 Name: The remote openSUSE host is missing a security update.
File: suse_festival-4377.nasl - Type: ACT_GATHER_INFO
2007-03-19 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200703-17.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1022.nasl - Type: ACT_GATHER_INFO
2005-01-26 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-022.nasl - Type: ACT_GATHER_INFO
2004-12-13 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2004-549.nasl - Type: ACT_GATHER_INFO