Back to search

SuSE: liby2util 2.10.7-0.1

Severity CVSS Published Added Modified
4 (AV:L/AC:M/Au:S/C:P/I:P/A:P) January 01, 2005 November 08, 2005 November 29, 2013

Description

Rene "l00m" Fischer found two problem in the handling of package repositories.

  • The remote repositories were copied with permissions and ownerships intact. If the remote repository was owned by a user or had problematic permissions, these ownership and permissions were copied over to the system.

If these included world writeable permissions local users could overwrite package meta files.

This problem is not present when installing from CD or a correctly set up network source.

  • The YaST package handling had a bufferoverflow which could be used by attackers having access to the meta data (for instance due to above permission problem) to potentially execute code.

These problems have been fixed with this update.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References