Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information
Name : CVE-2008-4636
Vendor : Cve
First vendor Publication : 2008-11-26
Last vendor Modification : 2024-02-08

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact Sub Score : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score : 7.2
Cvss Impact Score : 10
Cvss Exploit Score : 3.9
Attack Range : Local
Attack Complexity : Low
Authentication : None Required

Detail

yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4636

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-63 Simple Script Injection
CAPEC-73 User-Controlled Filename
CAPEC-81 Web Logs Tampering
CAPEC-85 Client Network Footprinting (using AJAX/XSS)
CAPEC-86 Embedding Script (XSS) in HTTP Headers
CAPEC-104 Cross Zone Scripting

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Os 1

OpenVAS Exploits

Date Description
2009-10-13 Name : SLES10: Security update for yast2-backup
File : nvt/sles10_yast2-backup.nasl
2009-10-10 Name : SLES9: Security update for yast2-backup
File : nvt/sles9p5037889.nasl
2009-01-23 Name : SuSE Update for yast2-backup SUSE-SA:2008:054
File : nvt/gb_suse_2008_054.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
50284 SUSE Linux yast2-backup Filename Command Injection

Nessus® Vulnerability Scanner

Date Description
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12279.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_yast2-backup-5760.nasl - Type : ACT_GATHER_INFO
2008-11-25 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_yast2-backup-5739.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/32464
OSVDB http://osvdb.org/50284
SECUNIA http://secunia.com/advisories/32832
SUSE http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/46879

Alert History

Date Information
2024-02-09 00:28:14
  • Multiple Updates
2020-05-23 00:22:26
  • Multiple Updates
2018-10-31 00:19:54
  • Multiple Updates
2018-01-26 12:02:17
  • Multiple Updates
2017-08-08 09:24:27
  • Multiple Updates
2016-06-28 17:19:21
  • Multiple Updates
2016-04-26 17:56:07
  • Multiple Updates
2014-02-17 10:46:59
  • Multiple Updates
2013-05-11 00:28:47
  • Multiple Updates