Security Advisory SA24995 - SUSE Update for Multiple Packages

Overview

Advisories

Research

Forums

Create Profile

Our Commitment

Database

Advisories by Product

Advisories by Vendor

Terminology

Report Vulnerability

Insecure Library Loading

Secunia Advisory SA24995

SUSE Update for Multiple Packages

Secunia Advisory

SA24995

Release Date

2007-04-23

Popularity

9,711 views

Comments

0 comments

Criticality level

Highly critical

Impact

Cross Site Scripting
Manipulation of data
Privilege escalation
DoS
System access

Where

From remote

Authentication level

This information is available to Secunia VIM customers

Report reliability

This information is available to Secunia VIM customers

Solution Status

Vendor Patch

Systems affected

This information is available to Secunia VIM customers

Approve distribution

This information is available to Secunia VIM customers

Operating System

openSUSE 10.2

SuSE eMail Server 3.x

SuSE Linux Connectivity Server

SuSE Linux Database Server

SuSE Linux Desktop 1.x

SUSE Linux Enterprise Server (SLES) 10

SuSE Linux Enterprise Server 7

SuSE Linux Enterprise Server 8

SUSE Linux Enterprise Server 9

SuSE Linux Firewall on CD/Admin host

SuSE Linux Office Server

SuSE Linux Openexchange Server 4.x

SuSE Linux Standard Server 8

Secunia CVSS Score

This information is available to Secunia VIM Customers

CVE Reference(s)

Description

SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious, local users to manipulate data, cause a DoS (Denial of Service), and gain escalated privileges, and by malicious people to manipulate data, conduct cross-site scripting attacks, cause a DoS, and compromise a vulnerable system.

This also fixes a vulnerability in cron, which is caused due to insecure permissions set on certain files and an improper check of hard links in database.c. This can be exploited to prevent the processing of cron files by creating hard links to system or user cron files. Another bug related to symlinks can be exploited by malicious, local users to manipulate to crontabs of other users.

For more information:
SA23660
SA24444
SA24486
SA24528
SA24801
SA24886

Solution
Apply updated packages.
Further details available to Secunia VIM customers

Original Advisory
http://www.novell.com/linux/security/advisories/2007_007_suse.html

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: SUSE Update for Multiple Packages

No posts yet

Secunia Advisory SA24995

SUSE Update for Multiple Packages

Do you have additional information related to this advisory?

You must be logged in to post a comment.

Secunia Customer Login

Not a customer already?