SuSE: liby2util 2.10.7-0.1
|4||(AV:L/AC:M/Au:S/C:P/I:P/A:P)||January 01, 2005||November 08, 2005||November 29, 2013|
Rene "l00m" Fischer found two problem in the handling of package repositories.
- The remote repositories were copied with permissions and ownerships intact. If the remote repository was owned by a user or had problematic permissions, these ownership and permissions were copied over to the system.
If these included world writeable permissions local users could overwrite package meta files.
This problem is not present when installing from CD or a correctly set up network source.
- The YaST package handling had a bufferoverflow which could be used by attackers having access to the meta data (for instance due to above permission problem) to potentially execute code.
These problems have been fixed with this update.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!