drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in WebYaST
Name: |
Mangelnde Rechteprüfung in WebYaST |
|
ID: |
SUSE-SU-2014:0022-1 |
|
Distribution: |
SUSE |
|
Plattformen: |
SUSE WebYaST 1.2 |
|
Datum: |
Di, 7. Januar 2014, 00:02 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3709 |
|
Applikationen: |
WebYaST |
|
Originalnachricht |
SUSE Security Update: Security update for WebYaST ______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0022-1 Rating: important References: #851116 Cross-References: CVE-2013-3709 Affected Products: WebYaST 1.2 ______________________________________________________________________________
An update that fixes one vulnerability is now available. It includes one version update.
Description:
In the past WebYAST was installed with world readable secret tokens. Although these were modified on the start of the webyast service and so could not be read from remote, it was possible for local attackers on the same machine to read the secrets and so gain local root access via the webyast services. This has been fixed. (CVE-2013-3709)
Security Issue reference:
* CVE-2013-3709 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3709 >
Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- WebYaST 1.2:
zypper in -t patch slewyst12-webyast-base-ui-8706
To bring your system up-to-date, use "zypper patch".
Package List:
- WebYaST 1.2 (noarch) [New Version: 0.2.64]:
webyast-base-ui-0.2.64-0.3.1 webyast-base-ui-branding-default-0.2.64-0.3.1 webyast-base-ui-testsuite-0.2.64-0.3.1
References:
http://support.novell.com/security/cve/CVE-2013-3709.html https://bugzilla.novell.com/851116 ?keywords=af7e4362e22d530ab6e447346f0afdfb
-- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
|
|
|
|