SuSE 10 Security Update : YaST2 (ZYPP Patch Number 4623)

High Nessus Plugin ID 29613


The remote SuSE 10 host is missing a security-related patch.


This update fixes a security bug in yast2-core that allowed local attackers to provide malicious yast2 modules to yast2 that are executed with root privileges. To trigger this vulnerability root has to execute yast2 in an untrusted directory (i.e. /tmp). Thanks to Stefan Nordhausen for reporting this to us.


Apply ZYPP patch number 4623.

Plugin Details

Severity: High

ID: 29613

File Name: suse_yast2-core-4623.nasl

Version: $Revision: 1.13 $

Type: local

Agent: unix

Published: 2007/12/13

Modified: 2012/05/17

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2007/11/05