[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] EXPLOIT?!?!



"Affected: SuSE Linux 8.2Pro
Not affected: SuSE Linux 7.3Pro, non-SuSE distributions
Possibly affected: other SuSE distributions
Vulnerable package: susewm

Impact: Local user can gain root privileges
Exploit type: Symlink attack
Release date: October 6th 2003
Vendor status: SuSE was contacted on September 4th (> 1 month ago).
No SuSE-patch yet.

A symlink vulnerability exists in the shell script /sbin/conf.d/SuSEconfig.susewm, line 86. This shell script is part of the "susewm" package. This package is required by the package "kdebase3", so if KDE3 is installed on your system(s), you should be vulnerable."

...please read the link I provided for further details

http://amor.rz.hu-berlin.de/~nordhaus/sec/vul/1_index.html