This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Novell First view 2005-10-27
Product Suse Linux Last view 2015-04-16
Version 11 Type
Update  
Edition server  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:o:novell:suse_linux:10.0:*:*:*:*:*:*:* 6
cpe:2.3:o:novell:suse_linux:11.0:sp3:*:*:desktop:*:*:* 5
cpe:2.3:o:novell:suse_linux:11.0:sp3:*:*:server:*:*:* 5
cpe:2.3:o:novell:suse_linux:10.1:*:*:*:*:*:*:* 3
cpe:2.3:o:novell:suse_linux:10:sp3:*:*:*:*:*:* 2
cpe:2.3:o:novell:suse_linux:10:sp4:*:*:*:*:*:* 2
cpe:2.3:o:novell:suse_linux:11:-:enterprise:*:*:*:*:* 2
cpe:2.3:o:novell:suse_linux:10:sp3:enterprise:*:*:*:*:* 2
cpe:2.3:o:novell:suse_linux:10:sp2:enterprise:*:*:*:*:* 2
cpe:2.3:o:novell:suse_linux:11:*:server:*:*:*:*:* 2
cpe:2.3:o:novell:suse_linux:11:sp3:desktop:*:*:*:*:* 1
cpe:2.3:o:novell:suse_linux:11:sp4:desktop:*:*:*:*:* 1
cpe:2.3:o:novell:suse_linux:11:sp1:server:*:*:*:*:* 1
cpe:2.3:o:novell:suse_linux:11:sp1:desktop:*:*:*:*:* 1
cpe:2.3:o:novell:suse_linux:11:sp1:enterprise:*:*:*:*:* 1
cpe:2.3:o:novell:suse_linux:11:*:desktop:*:*:*:*:* 1
cpe:2.3:o:novell:suse_linux:*:*:*:*:*:*:*:* 1
cpe:2.3:o:novell:suse_linux:9.3:*:pro:*:*:*:*:* 1
cpe:2.3:o:novell:suse_linux:9:*:server:*:*:*:*:* 1
cpe:2.3:o:novell:suse_linux:10:*:desktop:*:*:*:*:* 1
cpe:2.3:o:novell:suse_linux:10:*:server:*:*:*:*:* 1

Related : CVE

  Date Alert Description
4 2015-04-16 CVE-2015-2573

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
4 2015-04-16 CVE-2015-2571

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
5 2015-04-16 CVE-2015-2568

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.
3.5 2015-04-16 CVE-2015-2567

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.
2.8 2015-04-16 CVE-2015-2566

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.
7.8 2013-07-29 CVE-2013-4854

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
9.3 2013-02-08 CVE-2013-0170

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
4.4 2011-04-18 CVE-2011-0988

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.
10 2011-01-12 CVE-2010-3912

The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.
7.2 2010-10-12 CVE-2010-3110

Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors.
5 2010-09-03 CVE-2010-1507

WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.
4.4 2009-10-23 CVE-2009-1297

iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.
4.6 2007-08-20 CVE-2007-4432

Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables.
2.1 2007-08-17 CVE-2007-4394

Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors.
10 2007-01-23 CVE-2007-0460

Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations."
5 2006-02-23 CVE-2006-0803

The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.
2.1 2005-12-31 CVE-2005-4791

Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.
6.9 2005-12-31 CVE-2005-4790

Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions.
4.6 2005-10-27 CVE-2005-3321

chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.

CWE : Common Weakness Enumeration

%idName
28% (2) CWE-255 Credentials Management
28% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (1) CWE-399 Resource Management Errors
14% (1) CWE-264 Permissions, Privileges, and Access Controls
14% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-21 Exploitation of Session Variables, Resource IDs and other Trusted Credentials
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-167 Lifting Sensitive Data from the Client

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:17764 USN-560-1 -- tomboy vulnerability
oval:org.mitre.oval:def:20950 USN-1235-1 -- open-iscsi vulnerability
oval:org.mitre.oval:def:20985 RHSA-2013:0199: libvirt security update (Important)
oval:org.mitre.oval:def:18188 USN-1708-1 -- libvirt vulnerabilities
oval:org.mitre.oval:def:23681 ELSA-2013:0199: libvirt security update (Important)
oval:org.mitre.oval:def:25946 SUSE-SU-2013:0320-1 -- Security update for libvirt
oval:org.mitre.oval:def:27095 DEPRECATED: ELSA-2013-0199 -- libvirt security update (important)
oval:org.mitre.oval:def:21228 RHSA-2013:1114: bind security update (Important)
oval:org.mitre.oval:def:20276 RHSA-2013:1115: bind97 security update (Important)
oval:org.mitre.oval:def:19561 HP-UX Running BIND, Remote Denial of Service (DoS)
oval:org.mitre.oval:def:18633 DSA-2728-1 bind9 - denial of service
oval:org.mitre.oval:def:18438 USN-1910-1 -- bind9 vulnerability
oval:org.mitre.oval:def:23869 ELSA-2013:1114: bind security update (Important)
oval:org.mitre.oval:def:22902 ELSA-2013:1115: bind97 security update (Important)
oval:org.mitre.oval:def:25076 SUSE-SU-2013:1310-1 -- Security update for bind
oval:org.mitre.oval:def:27514 DEPRECATED: ELSA-2013-1114 -- bind security update (important)
oval:org.mitre.oval:def:27039 DEPRECATED: ELSA-2013-1115 -- bind97 security update (important)

Open Source Vulnerability Database (OSVDB)

id Description
74998 pure-ftpd for SUSE Linux Enterprise Server OES pure-ftpd Netware Extensions W...
70405 supportutils supportconfig on SUSE Configuration File Undisguised Passwords U...
67915 openSUSE Novell Client novfs /proc Interface Multiple Unspecified Overflow
67845 SUSE Linux Enterprise yast2-webclient WebYaST Appliance Fixed Secret Key Sess...
59271 open-iscsi iscsi_discovery in SUSE Unspecified Temporary File Symlink Arbitra...
46784 SUSE Linux zen-remover Wrapper Script Search Path Subversion Local Privilege ...
46783 SUSE Linux zen-installer Wrapper Script Search Path Subversion Local Privileg...
46782 SUSE Linux zen-updater Wrapper Script Search Path Subversion Local Privilege ...
46781 SUSE Linux rug Wrapper Script Search Path Subversion Local Privilege Escalation
46404 SUSE Linux findutils-locate Package core clean Cron Job Unspecified Arbitrary...
39580 SuSE Linux banshee LD_LIBRARY_PATH Variable Path Subversion Local Privilege E...
39579 Liferea LD_LIBRARY_PATH Variable Path Subversion Local Privilege Escalation
39578 SuSE Linux tomboy LD_LIBRARY_PATH Variable Path Subversion Local Privilege Es...
39577 SuSE Linux blam LD_LIBRARY_PATH Variable Path Subversion Local Privilege Esca...
32939 ulogd Multiple Unspecified Overflows
28025 SuSE YaST YaST Online Update (YOU) Signature Verification Bypass
20263 SUSE Permissions Bypass chkstat Arbitrary File Access
19982 SuSE Linux beagle LD_LIBRARY_PATH Variable Path Subversion Local Privilege Es...

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2011-10-21 Name : Ubuntu Update for open-iscsi USN-1235-1
File : nvt/gb_ubuntu_USN_1235_1.nasl
2011-02-28 Name : Mandriva Update for tomboy MDVSA-2011:035 (tomboy)
File : nvt/gb_mandriva_MDVSA_2011_035.nasl
2011-01-11 Name : SuSE Update for kernel SUSE-SA:2010:039
File : nvt/gb_suse_2010_039.nasl
2009-10-19 Name : SuSE Security Summary SUSE-SR:2009:016
File : nvt/suse_sr_2009_016.nasl
2009-10-13 Name : SLES10: Security update for open-iscsi
File : nvt/sles10_open-iscsi.nasl
2009-10-11 Name : SLES11: Security update for open-iscsi
File : nvt/sles11_open-iscsi.nasl
2009-10-10 Name : SLES9: Security update for liby2util
File : nvt/sles9p5016129.nasl
2009-04-09 Name : Mandriva Update for tomboy MDVSA-2008:064 (tomboy)
File : nvt/gb_mandriva_MDVSA_2008_064.nasl
2009-03-23 Name : Ubuntu Update for tomboy vulnerability USN-560-1
File : nvt/gb_ubuntu_USN_560_1.nasl
2009-02-27 Name : Fedora Update for tomboy FEDORA-2007-3253
File : nvt/gb_fedora_2007_3253_tomboy_fc8.nasl
2009-02-27 Name : Fedora Update for blam FEDORA-2007-3952
File : nvt/gb_fedora_2007_3952_blam_fc7.nasl
2009-02-27 Name : Fedora Update for tomboy FEDORA-2007-3011
File : nvt/gb_fedora_2007_3011_tomboy_fc7.nasl
2009-02-27 Name : Fedora Update for liferea FEDORA-2007-3701
File : nvt/gb_fedora_2007_3701_liferea_fc8.nasl
2009-02-27 Name : Fedora Update for liferea FEDORA-2007-3733
File : nvt/gb_fedora_2007_3733_liferea_fc7.nasl
2009-02-27 Name : Fedora Update for blam FEDORA-2007-3792
File : nvt/gb_fedora_2007_3792_blam_fc7.nasl
2009-02-27 Name : Fedora Update for blam FEDORA-2007-3798
File : nvt/gb_fedora_2007_3798_blam_fc8.nasl
2009-02-27 Name : Fedora Update for blam FEDORA-2007-3962
File : nvt/gb_fedora_2007_3962_blam_fc8.nasl
2009-02-17 Name : Fedora Update for blam FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_blam_fc8.nasl
2009-02-17 Name : Fedora Update for blam FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_blam_fc8.nasl
2009-02-17 Name : Fedora Update for blam FEDORA-2008-6491
File : nvt/gb_fedora_2008_6491_blam_fc8.nasl
2009-02-17 Name : Fedora Update for blam FEDORA-2008-6127
File : nvt/gb_fedora_2008_6127_blam_fc8.nasl
2009-02-16 Name : Fedora Update for blam FEDORA-2008-2682
File : nvt/gb_fedora_2008_2682_blam_fc8.nasl
2009-02-16 Name : Fedora Update for blam FEDORA-2008-1535
File : nvt/gb_fedora_2008_1535_blam_fc8.nasl
2009-02-13 Name : Fedora Update for blam FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_blam_fc8.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200703-17 (ulogd)
File : nvt/glsa_200703_17.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2013-A-0151 ISC BIND 9 Remote Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0039823

Snort® IPS/IDS

Date Description
2017-12-19 ISC BIND 9 DNS rdata length handling remote denial of service attempt
RuleID : 44879 - Type : SERVER-OTHER - Revision : 1
2014-01-10 ISC BIND 9 DNS rdata length handling remote denial of service attempt
RuleID : 27666 - Type : SERVER-OTHER - Revision : 3

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-16 Name: The remote database server is affected by multiple vulnerabilities
File: mariadb_5_5_42.nasl - Type: ACT_GATHER_INFO
2017-04-21 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0066.nasl - Type: ACT_GATHER_INFO
2015-09-23 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201507-19.nasl - Type: ACT_GATHER_INFO
2015-08-26 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2015-1665.nasl - Type: ACT_GATHER_INFO
2015-08-25 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20150824_mariadb_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2015-08-25 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-1665.nasl - Type: ACT_GATHER_INFO
2015-08-25 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2015-1665.nasl - Type: ACT_GATHER_INFO
2015-08-18 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20150817_mysql55_mysql_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2015-08-18 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2015-1628.nasl - Type: ACT_GATHER_INFO
2015-08-18 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2015-1628.nasl - Type: ACT_GATHER_INFO
2015-08-17 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-1628.nasl - Type: ACT_GATHER_INFO
2015-07-22 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1273-1.nasl - Type: ACT_GATHER_INFO
2015-07-20 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3311.nasl - Type: ACT_GATHER_INFO
2015-07-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-479.nasl - Type: ACT_GATHER_INFO
2015-05-27 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-0946-1.nasl - Type: ACT_GATHER_INFO
2015-05-13 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2015-132-01.nasl - Type: ACT_GATHER_INFO
2015-05-13 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2015-132-02.nasl - Type: ACT_GATHER_INFO
2015-05-06 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2015-227.nasl - Type: ACT_GATHER_INFO
2015-04-22 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2575-1.nasl - Type: ACT_GATHER_INFO
2015-04-20 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3229.nasl - Type: ACT_GATHER_INFO
2015-04-15 Name: The remote database server is affected by multiple denial of service vulnerab...
File: mysql_5_6_24.nasl - Type: ACT_GATHER_INFO
2015-04-15 Name: The remote database server is affected by multiple denial of service vulnerab...
File: mysql_5_6_23.nasl - Type: ACT_GATHER_INFO
2014-12-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2014-0084.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2013-1181.nasl - Type: ACT_GATHER_INFO
2014-10-21 Name: The remote host is missing a security update for OS X Server.
File: macosx_server_4_0.nasl - Type: ACT_GATHER_INFO