SuSE 10 Security Update : YaST2 (ZYPP Patch Number 4623)

high Nessus Plugin ID 29613

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This update fixes a security bug in yast2-core that allowed local attackers to provide malicious yast2 modules to yast2 that are executed with root privileges. To trigger this vulnerability root has to execute yast2 in an untrusted directory (i.e. /tmp). Thanks to Stefan Nordhausen for reporting this to us.

Solution

Apply ZYPP patch number 4623.

Plugin Details

Severity: High

ID: 29613

File Name: suse_yast2-core-4623.nasl

Version: 1.16

Type: local

Agent: unix

Published: 12/13/2007

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 11/5/2007