Local Privilege Escalation Vulnerability in SUSE Lifecycle Management Server
CVE-2013-7042

Currently unrated

Key Information:

Vendor: Novell
Status: Suse Lifecycle Management Server
Vendor: CVE Published:; 10 December 2013

Summary

The SUSE Lifecycle Management Server (SLMS) versions prior to 1.3.7 have a security flaw due to world-readable permissions set for secret keys. This vulnerability allows local users to exploit unspecified methods to gain elevated privileges within the system, potentially compromising data integrity and system security. It is crucial for users to update to version 1.3.7 or later to mitigate the risks associated with this vulnerability.

References

https://www.suse.com/support/update/announcement/2013/sus...

vendor-advisoryx_refsource_SUSE

https://bugzilla.novell.com/show_bug.cgi?id=852101

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/89897

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Dec 10, 2013
Vulnerability Reserved
Dec 10, 2013