openSUSE 10 Security Update : yast2-core (yast2-core-4634)

High Nessus Plugin ID 28180


The remote openSUSE host is missing a security update.


This update fixes a security bug in yast2-core that allowed local attackers to provide malicious yast2 modules to yast2 that are executed with root privileges. To trigger this vulnerability root has to execute yast2 in an untrusted directory (i.e. /tmp). Thanks to Stefan Nordhausen for reporting this to us.


Update the affected yast2-core packages.

Plugin Details

Severity: High

ID: 28180

File Name: suse_yast2-core-4634.nasl

Version: $Revision: 1.6 $

Type: local

Agent: unix

Published: 2007/11/12

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:yast2-core, p-cpe:/a:novell:opensuse:yast2-core-devel, cpe:/o:novell:opensuse:10.1, cpe:/o:novell:opensuse:10.2, cpe:/o:novell:opensuse:10.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2007/11/06