exploits , vulnerabilities , articles , SuSE YaST2 Backup File Name Local Arbitrary Shell Command Injection Vulnerability

Title	SuSE YaST2 Backup File Name Local Arbitrary Shell Command Injection Vulnerability
Published	2008-11-25-12:00AM
Updated	2008-11-26-03:34PM
Class	Input Validation Error
CVE	CVE-2008-4636
Remote	No
Local	Yes
Credit	This issue was disclosed by the vendor.
Vulnerable	SuSE SLES 9 S.u.S.E. YaST2 Backup 0 S.u.S.E. Linux 8.1 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. OpenEnterpriseServer 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Enterprise Server 10.SP2 SP S.u.S.E. Linux Enterprise Server 10.SP1 S.u.S.E. Linux Enterprise Desktop 10 SP2 S.u.S.E. Linux Enterprise Desktop 10 SP1
Not Vulnerable
Code	An attacker with local, interactive access to a vulnerable computer can use readily available commands to exploit this issue.
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-10 GNU Coreutils Insecure Temporary File Creation Vulnerability
• 2009-12-10 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
• 2009-12-10 Moodle Multiple Vulnerabilities
• 2009-12-10 Linux Kernel KVM Large SMP Instruction Local Denial of Service Vulnerability
• 2009-12-09 Adobe Flash Player and AIR Data Injection Remote Code Execution Vulnerability
• 2009-12-09 Adobe Flash Player ActiveX Control Information Disclosure Vulnerability
• 2009-12-09 Adobe Flash Player and AIR Multiple Unspecified Remote Code Execution Vulnerabilities
• 2009-12-09 HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities
• 2009-12-09 Shibboleth Redirection URL HTML Injection Vulnerability
• 2009-12-09 VLC Media Player RTSP Remote Buffer Overflow Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 11 Dec 2009 16:18:00 +0000