SuSE9 Security Update : YaST2 (YOU Patch Number 11952)

High Nessus Plugin ID 41161


The remote SuSE 9 host is missing a security-related patch.


This update fixes a security bug in yast2-core that allows local attackers to provide malicious YaST2 modules to YaST2 which are subsequently executed with root privileges. To trigger this vulnerability root has to execute yast2 in an untrusted directory (i.e. /tmp).


Apply YOU patch number 11952.

Plugin Details

Severity: High

ID: 41161

File Name: suse9_11952.nasl

Version: $Revision: 1.5 $

Type: local

Agent: unix

Published: 2009/09/24

Modified: 2012/04/23

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2007/11/08