SuSE 11.1 Security Update : sysconfig (SAT Patch Number 5618)

high Nessus Plugin ID 57597

Synopsis

The remote SuSE 11 host is missing a security update.

Description

sysconfig hook script for NetworkManager did not properly quote shell meta characters when processing ESSIDs. Specially crafted network names could have therefore lead to execution of shell code.
(CVE-2011-4182)

In addition, the following non-security bugs were fixed :

- 580018: ip addr flush $ifname causes vanishing /proc/sys/net/ipv6/conf/$ifname

- 697929: ipv6, rcnetwork returns before dad completed

Solution

Apply SAT patch number 5618.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=559170

https://bugzilla.novell.com/show_bug.cgi?id=580018

https://bugzilla.novell.com/show_bug.cgi?id=697929

https://bugzilla.novell.com/show_bug.cgi?id=735394

http://support.novell.com/security/cve/CVE-2011-4182.html

Plugin Details

Severity: High

ID: 57597

File Name: suse_11_sysconfig-120106.nasl

Version: 1.5

Type: local

Agent: unix

Published: 1/19/2012

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:sysconfig, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 1/6/2012

Reference Information

CVE: CVE-2011-4182