Summary
| Detail | |||
|---|---|---|---|
| Vendor | Suse | First view | 2006-12-20 |
| Product | Suse Linux | Last view | 2007-10-14 |
| Version | 10 | Type | Os |
| Update | * | ||
| Edition | enterprise_desktop | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:suse:suse_linux | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2007-10-14 | CVE-2007-5196 | Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195. |
| 6.8 | 2007-10-14 | CVE-2007-5195 | Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196. |
| 4.6 | 2007-08-20 | CVE-2007-4432 | Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables. |
| 10 | 2007-01-23 | CVE-2007-0460 | Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations." |
| 4.1 | 2006-12-20 | CVE-2006-6662 | Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under unspecified conditions, allows local users to log in to the console without a password. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (2) | CWE-310 | Cryptographic Issues |
| 33% (2) | CWE-200 | Information Exposure |
| 16% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 16% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-21 | Exploitation of Session Variables, Resource IDs and other Trusted Credentials |
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
| CAPEC-167 | Lifting Sensitive Data from the Client |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 46784 | SUSE Linux zen-remover Wrapper Script Search Path Subversion Local Privilege ... |
| 46783 | SUSE Linux zen-installer Wrapper Script Search Path Subversion Local Privileg... |
| 46782 | SUSE Linux zen-updater Wrapper Script Search Path Subversion Local Privilege ... |
| 46781 | SUSE Linux rug Wrapper Script Search Path Subversion Local Privilege Escalation |
| 45492 | Groupwise Client System on SUSE Linux Enterprise Desktop Unspecified MitM Cre... |
| 45491 | Groupwise Client System on SUSE Linux Enterprise Desktop Unspecified MitM Cre... |
| 35231 | Linux User Management (novell-lum) on SUSE Linux Local Privilege Escalation |
| 32939 | ulogd Multiple Unspecified Overflows |
OpenVAS Exploits
| id | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200703-17 (ulogd) File : nvt/glsa_200703_17.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2007-12-13 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_novell-groupwise-gwclient-4494.nasl - Type: ACT_GATHER_INFO |
| 2007-03-19 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200703-17.nasl - Type: ACT_GATHER_INFO |
