Lucene search

[email protected]CVE-2008-4636

HistoryNov 27, 2008 - 12:30 a.m.

CVE-2008-4636

2008-11-2700:30:00

CWE-78

[email protected]

web.nvd.nist.gov

cve-2008-4636

yast2-backup

suse linux

novell linux

privilege escalation

shell metacharacters

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.9%

JSON

yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.

Affected configurations

NVD

Node

novelllinux_desktopMatch9

novellopen_enterprise_serverMatch-

opensuseopensuseMatch10.2

opensuseopensuseMatch10.3

opensuseopensuseMatch11.0

suselinux_enterprise_serverMatch8

suselinux_enterprise_serverMatch9

susesuse_linux_enterprise_desktopMatch10sp1

susesuse_linux_enterprise_desktopMatch10sp2

susesuse_linux_enterprise_serverMatch10sp1

susesuse_linux_enterprise_serverMatch10sp2

AND

suseyast2-backupRange2.14.2–2.16.6

CPENameOperatorVersion
suse:yast2-backupsuse yast2-backuple2.16.6

CPE	Name	Operator	Version
suse:yast2-backup	suse yast2-backup	le	2.16.6

References

lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html

osvdb.org/50284

secunia.com/advisories/32832

www.securityfocus.com/bid/32464

exchange.xforce.ibmcloud.com/vulnerabilities/46879

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.9%

JSON

Related for CVE-2008-4636

nessus3 openvas5 cvelist1 nvd1 suse1 prion1