Local Privilege Escalation in SUSE openSUSE Factory Cobbler Service
CVE-2011-1551
Currently unrated
Summary
The Cobbler service in SUSE openSUSE Factory has a local privilege escalation vulnerability caused by incorrect ownership of the /var/log/cobbler/ directory. The directory is owned by the web-service user account, so a local user with access to that account can leverage it during root filesystem operations to gain elevated privileges and potentially perform unauthorized actions on the system. System administrators should recognize this vulnerability and apply appropriate mitigations to protect against unauthorized access.
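One way to audit a host for the ownership problem described above, as an added example that is not part of the advisory or the Cobbler project. The function name `audit_log_dir` is hypothetical, the expected owner defaults to uid 0, and treating any group- or world-writable directory as a finding is a conservative assumption.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a directory that root writes
# into for ownership or permissions that let an unprivileged account
# control its contents.
#
# audit_log_dir DIR [EXPECTED_UID]
#   Prints one finding per line.
#   Returns 0 when clean, 1 when findings exist, 2 on usage error.
audit_log_dir() {
    dir=$1
    want_uid=${2:-0}    # assumption: the directory should belong to root

    if [ ! -d "$dir" ]; then
        echo "error: $dir is not a directory" >&2
        return 2
    fi

    findings=$(
        # The directory itself, or anything inside it, owned by another uid.
        find "$dir" ! -uid "$want_uid" -print | sed 's/^/owner: /'
        # Directories that group or other may write to.
        find "$dir" -type d \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/writable: /'
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run only when a path is given, e.g.:  sh audit.sh /var/log/cobbler
if [ "$#" -gt 0 ]; then
    audit_log_dir "$@"
fi
```

On an affected system the `owner:` line for /var/log/cobbler itself is the finding that matters; any findings should be reviewed before changing ownership, since the service may expect to write there.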