Secunia Security Advisory 32832

Secunia Security Advisory 32832: Posted Nov 25, 2008; Authored by Secunia | Site secunia.com; Secunia Security Advisory - SUSE has issued an update for yast2-backup. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.; tags | advisory, local; systems | linux, suse; SHA-256 | 22651cffa17400c1ac3c12b0c44b9934ffc22b3ee54c8a7dfed75b721a3d4579; Download | Favorite | View

Secunia Security Advisory 32832

----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?

Click here to learn more:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
SUSE update for yast2-backup

SECUNIA ADVISORY ID:
SA32832

VERIFY ADVISORY:
http://secunia.com/advisories/32832/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
openSUSE 10.2
http://secunia.com/advisories/product/13375/
openSUSE 10.3
http://secunia.com/advisories/product/16124/
openSUSE 11.0
http://secunia.com/advisories/product/19180/
SuSE Linux Enterprise Server 8
http://secunia.com/advisories/product/1171/
SUSE Linux Enterprise Server 9
http://secunia.com/advisories/product/4118/
SUSE Linux Enterprise Server 10
http://secunia.com/advisories/product/12192/

SOFTWARE:
Novell Open Enterprise Server 1.x
http://secunia.com/advisories/product/4664/

DESCRIPTION:
SUSE has issued an update for yast2-backup. This fixes a security
issue, which can be exploited by malicious, local users to gain
escalated privileges.

The security issue is caused due to yast2-backup not properly
sanitising filenames, which can be exploited to inject arbitrary
shell commands via specially crafted filenames.

SOLUTION:
Apply updated packages.

Platform Independent:

openSUSE 11.0:

http://download.opensuse.org/pub/opensuse/update/11.0/rpm/noarch/yast2-backup-2.16.6-0.1.noarch.rpm

openSUSE 10.3:

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/noarch/yast2-backup-2.15.7-0.1.noarch.rpm

openSUSE 10.2:

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/noarch/yast2-backup-2.14.2-0.1.noarch.rpm

Sources:

openSUSE 11.0:

http://download.opensuse.org/pub/opensuse/update/11.0/rpm/src/yast2-backup-2.16.6-0.1.src.rpm

openSUSE 10.3:

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/yast2-backup-2.15.7-0.1.src.rpm

openSUSE 10.2:

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/yast2-backup-2.14.2-0.1.src.rpm

Open Enterprise Server

http://download.novell.com/index.jsp?search=Search&keywords=9b5088ff155f0ef71eeac627566a4ebe

Novell Linux POS 9

http://download.novell.com/index.jsp?search=Search&keywords=9b5088ff155f0ef71eeac627566a4ebe

Novell Linux Desktop 9

http://download.novell.com/index.jsp?search=Search&keywords=9b5088ff155f0ef71eeac627566a4ebe

SUSE SLES 9

http://download.novell.com/index.jsp?search=Search&keywords=9b5088ff155f0ef71eeac627566a4ebe

SuSE Linux Enterprise Server 8

http://download.novell.com/index.jsp?search=Search&keywords=83466dc61c7874dbb83c7035c8f3fed2

SUSE Linux Enterprise Server 10 SP1

http://download.novell.com/index.jsp?search=Search&keywords=873b8cb0771c68aded76518d4b12c766

SUSE Linux Enterprise Desktop 10 SP1

http://download.novell.com/index.jsp?search=Search&keywords=873b8cb0771c68aded76518d4b12c766

SUSE Linux Enterprise Server 10 SP2

http://download.novell.com/index.jsp?search=Search&keywords=388de739f171e7e9754618a1fee7894e

SUSE Linux Enterprise Desktop 10 SP2

http://download.novell.com/index.jsp?search=Search&keywords=388de739f171e7e9754618a1fee7894e

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
SUSE-SA:2008:054
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Top Authors In Last 30 Days

Red Hat 229 files
indoushka 167 files
Jay Turla 150 files
Ubuntu 67 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

Secunia Security Advisory 32832

Secunia Security Advisory 32832

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Secunia Security Advisory 32832

Share This

Secunia Security Advisory 32832

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems