|
|
SuSE YaST2 Backup File Name Local Arbitrary Shell Command Injection Vulnerability
|
Bugtraq ID:
|
32464
|
|
Class:
|
Input Validation Error
|
|
CVE:
|
CVE-2008-4636
|
|
Remote:
|
No
|
|
Local:
|
Yes
|
|
Published:
|
Nov 25 2008 12:00AM
|
|
Updated:
|
Nov 26 2008 03:34PM
|
|
Credit:
|
This issue was disclosed by the vendor.
|
|
Vulnerable:
|
SuSE SLES 9
S.u.S.E. YaST2 Backup 0
+
S.u.S.E. Linux 8.1
+
S.u.S.E. Linux Personal 9.1
+
S.u.S.E. Linux Personal 9.0 x86_64
+
S.u.S.E. Linux Personal 9.0
+
S.u.S.E. Linux Personal 8.2
S.u.S.E. openSUSE 11.0
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Novell Linux Desktop 9
S.u.S.E. Linux Enterprise Server 8
S.u.S.E. Linux Enterprise Server 10.SP2 SP
S.u.S.E. Linux Enterprise Server 10.SP1
S.u.S.E. Linux Enterprise Desktop 10 SP2
S.u.S.E. Linux Enterprise Desktop 10 SP1
|
|
|
|
Not Vulnerable:
|
|
|
|
