SuSE9 Security Update : YaST2 (YOU Patch Number 11952)
High Nessus Plugin ID 41161
SynopsisThe remote SuSE 9 host is missing a security-related patch.
DescriptionThis update fixes a security bug in yast2-core that allows local attackers to provide malicious YaST2 modules to YaST2 which are subsequently executed with root privileges. To trigger this vulnerability root has to execute yast2 in an untrusted directory (i.e. /tmp).
SolutionApply YOU patch number 11952.