SuSE9 Security Update : YaST2 (YOU Patch Number 11952)

high Nessus Plugin ID 41161

Synopsis

The remote SuSE 9 host is missing a security-related patch.

Description

This update fixes a security bug in yast2-core that allows local attackers to provide malicious YaST2 modules to YaST2 which are subsequently executed with root privileges. To trigger this vulnerability root has to execute yast2 in an untrusted directory (i.e. /tmp).

Solution

Apply YOU patch number 11952.

Plugin Details

Severity: High

ID: 41161

File Name: suse9_11952.nasl

Version: 1.8

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 9/24/2009

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 11/8/2007

Detections

Analytics