SuSE YaST2 Backup File Name Local Arbitrary Shell Command Injection Vulnerability

Bugtraq ID: 32464
Class: Input Validation Error
CVE: CVE-2008-4636
Remote: No
Local: Yes
Published: Nov 25 2008 12:00AM
Updated: Mar 19 2015 09:32AM
Credit: This issue was disclosed by the vendor.
Vulnerable: SuSE SUSE Linux Enterprise Server 9
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 10 SP2
SuSE SUSE Linux Enterprise Server 10 SP1
SuSE SUSE Linux Enterprise Desktop 10 SP2
SuSE SUSE Linux Enterprise Desktop 10 SP1
SuSE openSUSE 10.3
S.u.S.E. YaST2 Backup 0
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
S.u.S.E. openSUSE 11.0
S.u.S.E. openSUSE 10.2
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Novell Linux Desktop 9.0
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus