Detections
Analytics
openSUSE 10 Security Update : yast2-core (yast2-core-4634)
high Nessus Plugin ID 28180
Synopsis
The remote openSUSE host is missing a security update.Description
This update fixes a security bug in yast2-core that allowed local attackers to provide malicious yast2 modules to yast2 that are executed with root privileges. To trigger this vulnerability root has to execute yast2 in an untrusted directory (i.e. /tmp). Thanks to Stefan Nordhausen for reporting this to us.Solution
Update the affected yast2-core packages.Plugin Details
Severity: High
ID: 28180
File Name: suse_yast2-core-4634.nasl
Version: 1.9
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 11/12/2007
Updated: 1/14/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:yast2-core, p-cpe:/a:novell:opensuse:yast2-core-devel, cpe:/o:novell:opensuse:10.1, cpe:/o:novell:opensuse:10.2, cpe:/o:novell:opensuse:10.3
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Patch Publication Date: 11/6/2007