Local File Access Vulnerability in YaST by SUSE Linux
CVE-2005-4772

Currently unrated

Key Information:

Vendor: Suse
Status: Suse Sled Beagle; Suse Linux Standard Server; Suse Linux Openexchange Server; Suse Linux School Server
Vendor: CVE Published:; 31 December 2005

Summary

The YaST (Yet another Setup Tool) in SUSE Linux versions before 20051007 has a vulnerability in the liby2util component that improperly preserves file permissions and ownership when copying remote repositories. This flaw may provide local users with the capability to read or alter sensitive files, potentially leading to further exploitation, such as the ability to capitalize on CVE-2005-3013 vulnerabilities.

References

http://www.novell.com/linux/security/advisories/2005_22_s...

vendor-advisoryx_refsource_SUSE

http://www.securityfocus.com/bid/15026

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Apr 7, 2006
Vulnerability published
Dec 31, 2005