Summary
| Detail | |||
|---|---|---|---|
| Vendor | Novell | First view | 2005-10-27 |
| Product | Suse Linux | Last view | 2015-04-16 |
| Version | 11 | Type | |
| Update | |||
| Edition | server | ||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4 | 2015-04-16 | CVE-2015-2573 | Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. |
| 4 | 2015-04-16 | CVE-2015-2571 | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. |
| 5 | 2015-04-16 | CVE-2015-2568 | Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges. |
| 3.5 | 2015-04-16 | CVE-2015-2567 | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. |
| 2.8 | 2015-04-16 | CVE-2015-2566 | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML. |
| 7.8 | 2013-07-29 | CVE-2013-4854 | The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. |
| 4.4 | 2011-04-18 | CVE-2011-0988 | pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors. |
| 10 | 2011-01-12 | CVE-2010-3912 | The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors. |
| 7.2 | 2010-10-12 | CVE-2010-3110 | Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors. |
| 5 | 2010-09-03 | CVE-2010-1507 | WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key. |
| 4.4 | 2009-10-23 | CVE-2009-1297 | iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name. |
| 4.6 | 2007-08-20 | CVE-2007-4432 | Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables. |
| 2.1 | 2007-08-17 | CVE-2007-4394 | Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors. |
| 10 | 2007-01-23 | CVE-2007-0460 | Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations." |
| 5 | 2006-02-23 | CVE-2006-0803 | The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used. |
| 2.1 | 2005-12-31 | CVE-2005-4791 | Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee. |
| 6.9 | 2005-12-31 | CVE-2005-4790 | Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions. |
| 4.6 | 2005-10-27 | CVE-2005-3321 | chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (2) | CWE-255 | Credentials Management |
| 33% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 16% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 16% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-21 | Exploitation of Session Variables, Resource IDs and other Trusted Credentials |
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
| CAPEC-167 | Lifting Sensitive Data from the Client |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:17764 | USN-560-1 -- tomboy vulnerability |
| oval:org.mitre.oval:def:20950 | USN-1235-1 -- open-iscsi vulnerability |
| oval:org.mitre.oval:def:21228 | RHSA-2013:1114: bind security update (Important) |
| oval:org.mitre.oval:def:20276 | RHSA-2013:1115: bind97 security update (Important) |
| oval:org.mitre.oval:def:19561 | HP-UX Running BIND, Remote Denial of Service (DoS) |
| oval:org.mitre.oval:def:18633 | DSA-2728-1 bind9 - denial of service |
| oval:org.mitre.oval:def:18438 | USN-1910-1 -- bind9 vulnerability |
| oval:org.mitre.oval:def:23869 | ELSA-2013:1114: bind security update (Important) |
| oval:org.mitre.oval:def:22902 | ELSA-2013:1115: bind97 security update (Important) |
| oval:org.mitre.oval:def:25076 | SUSE-SU-2013:1310-1 -- Security update for bind |
| oval:org.mitre.oval:def:27514 | DEPRECATED: ELSA-2013-1114 -- bind security update (important) |
| oval:org.mitre.oval:def:27039 | DEPRECATED: ELSA-2013-1115 -- bind97 security update (important) |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 74998 | pure-ftpd for SUSE Linux Enterprise Server OES pure-ftpd Netware Extensions W... |
| 70405 | supportutils supportconfig on SUSE Configuration File Undisguised Passwords U... |
| 67915 | openSUSE Novell Client novfs /proc Interface Multiple Unspecified Overflow |
| 67845 | SUSE Linux Enterprise yast2-webclient WebYaST Appliance Fixed Secret Key Sess... |
| 59271 | open-iscsi iscsi_discovery in SUSE Unspecified Temporary File Symlink Arbitra... |
| 46784 | SUSE Linux zen-remover Wrapper Script Search Path Subversion Local Privilege ... |
| 46783 | SUSE Linux zen-installer Wrapper Script Search Path Subversion Local Privileg... |
| 46782 | SUSE Linux zen-updater Wrapper Script Search Path Subversion Local Privilege ... |
| 46781 | SUSE Linux rug Wrapper Script Search Path Subversion Local Privilege Escalation |
| 46404 | SUSE Linux findutils-locate Package core clean Cron Job Unspecified Arbitrary... |
| 39580 | SuSE Linux banshee LD_LIBRARY_PATH Variable Path Subversion Local Privilege E... |
| 39579 | Liferea LD_LIBRARY_PATH Variable Path Subversion Local Privilege Escalation |
| 39578 | SuSE Linux tomboy LD_LIBRARY_PATH Variable Path Subversion Local Privilege Es... |
| 39577 | SuSE Linux blam LD_LIBRARY_PATH Variable Path Subversion Local Privilege Esca... |
| 32939 | ulogd Multiple Unspecified Overflows |
| 28025 | SuSE YaST YaST Online Update (YOU) Signature Verification Bypass |
| 20263 | SUSE Permissions Bypass chkstat Arbitrary File Access |
| 19982 | SuSE Linux beagle LD_LIBRARY_PATH Variable Path Subversion Local Privilege Es... |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-10-21 | Name : Ubuntu Update for open-iscsi USN-1235-1 File : nvt/gb_ubuntu_USN_1235_1.nasl |
| 2011-02-28 | Name : Mandriva Update for tomboy MDVSA-2011:035 (tomboy) File : nvt/gb_mandriva_MDVSA_2011_035.nasl |
| 2011-01-11 | Name : SuSE Update for kernel SUSE-SA:2010:039 File : nvt/gb_suse_2010_039.nasl |
| 2009-10-19 | Name : SuSE Security Summary SUSE-SR:2009:016 File : nvt/suse_sr_2009_016.nasl |
| 2009-10-13 | Name : SLES10: Security update for open-iscsi File : nvt/sles10_open-iscsi.nasl |
| 2009-10-11 | Name : SLES11: Security update for open-iscsi File : nvt/sles11_open-iscsi.nasl |
| 2009-10-10 | Name : SLES9: Security update for liby2util File : nvt/sles9p5016129.nasl |
| 2009-04-09 | Name : Mandriva Update for tomboy MDVSA-2008:064 (tomboy) File : nvt/gb_mandriva_MDVSA_2008_064.nasl |
| 2009-03-23 | Name : Ubuntu Update for tomboy vulnerability USN-560-1 File : nvt/gb_ubuntu_USN_560_1.nasl |
| 2009-02-27 | Name : Fedora Update for tomboy FEDORA-2007-3253 File : nvt/gb_fedora_2007_3253_tomboy_fc8.nasl |
| 2009-02-27 | Name : Fedora Update for blam FEDORA-2007-3952 File : nvt/gb_fedora_2007_3952_blam_fc7.nasl |
| 2009-02-27 | Name : Fedora Update for tomboy FEDORA-2007-3011 File : nvt/gb_fedora_2007_3011_tomboy_fc7.nasl |
| 2009-02-27 | Name : Fedora Update for liferea FEDORA-2007-3701 File : nvt/gb_fedora_2007_3701_liferea_fc8.nasl |
| 2009-02-27 | Name : Fedora Update for liferea FEDORA-2007-3733 File : nvt/gb_fedora_2007_3733_liferea_fc7.nasl |
| 2009-02-27 | Name : Fedora Update for blam FEDORA-2007-3792 File : nvt/gb_fedora_2007_3792_blam_fc7.nasl |
| 2009-02-27 | Name : Fedora Update for blam FEDORA-2007-3798 File : nvt/gb_fedora_2007_3798_blam_fc8.nasl |
| 2009-02-27 | Name : Fedora Update for blam FEDORA-2007-3962 File : nvt/gb_fedora_2007_3962_blam_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for blam FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_blam_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for blam FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_blam_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for blam FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_blam_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for blam FEDORA-2008-6127 File : nvt/gb_fedora_2008_6127_blam_fc8.nasl |
| 2009-02-16 | Name : Fedora Update for blam FEDORA-2008-2682 File : nvt/gb_fedora_2008_2682_blam_fc8.nasl |
| 2009-02-16 | Name : Fedora Update for blam FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_blam_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for blam FEDORA-2008-11551 File : nvt/gb_fedora_2008_11551_blam_fc8.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200703-17 (ulogd) File : nvt/glsa_200703_17.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2013-A-0151 | ISC BIND 9 Remote Denial of Service Vulnerability Severity: Category I - VMSKEY: V0039823 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2017-12-19 | ISC BIND 9 DNS rdata length handling remote denial of service attempt RuleID : 44879 - Type : SERVER-OTHER - Revision : 1 |
| 2014-01-10 | ISC BIND 9 DNS rdata length handling remote denial of service attempt RuleID : 27666 - Type : SERVER-OTHER - Revision : 3 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-16 | Name: The remote database server is affected by multiple vulnerabilities File: mariadb_5_5_42.nasl - Type: ACT_GATHER_INFO |
| 2017-04-21 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2017-0066.nasl - Type: ACT_GATHER_INFO |
| 2015-09-23 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201507-19.nasl - Type: ACT_GATHER_INFO |
| 2015-08-26 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2015-1665.nasl - Type: ACT_GATHER_INFO |
| 2015-08-25 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20150824_mariadb_on_SL7_x.nasl - Type: ACT_GATHER_INFO |
| 2015-08-25 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-1665.nasl - Type: ACT_GATHER_INFO |
| 2015-08-25 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2015-1665.nasl - Type: ACT_GATHER_INFO |
| 2015-08-18 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20150817_mysql55_mysql_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
| 2015-08-18 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2015-1628.nasl - Type: ACT_GATHER_INFO |
| 2015-08-18 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2015-1628.nasl - Type: ACT_GATHER_INFO |
| 2015-08-17 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-1628.nasl - Type: ACT_GATHER_INFO |
| 2015-07-22 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1273-1.nasl - Type: ACT_GATHER_INFO |
| 2015-07-20 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3311.nasl - Type: ACT_GATHER_INFO |
| 2015-07-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-479.nasl - Type: ACT_GATHER_INFO |
| 2015-05-27 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-0946-1.nasl - Type: ACT_GATHER_INFO |
| 2015-05-13 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2015-132-02.nasl - Type: ACT_GATHER_INFO |
| 2015-05-13 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2015-132-01.nasl - Type: ACT_GATHER_INFO |
| 2015-05-06 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2015-227.nasl - Type: ACT_GATHER_INFO |
| 2015-04-22 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-2575-1.nasl - Type: ACT_GATHER_INFO |
| 2015-04-20 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3229.nasl - Type: ACT_GATHER_INFO |
| 2015-04-15 | Name: The remote database server is affected by multiple denial of service vulnerab... File: mysql_5_6_24.nasl - Type: ACT_GATHER_INFO |
| 2015-04-15 | Name: The remote database server is affected by multiple denial of service vulnerab... File: mysql_5_6_23.nasl - Type: ACT_GATHER_INFO |
| 2014-12-26 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2014-0084.nasl - Type: ACT_GATHER_INFO |
| 2014-11-08 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2013-1181.nasl - Type: ACT_GATHER_INFO |
| 2014-10-21 | Name: The remote host is missing a security update for OS X Server. File: macosx_server_4_0.nasl - Type: ACT_GATHER_INFO |
