CVE-2008-4636
Published Nov 27, 2008
Last updated 9 months ago
Overview
- Description
- yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-78
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5595E484-647C-4F85-94AB-5A4D55CD766B"
},
{
"criteria": "cpe:2.3:o:novell:open_enterprise_server:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C5C0C136-E406-4628-994A-682E8E729B50"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "24818450-FDA1-429A-AC17-68F44F584217"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "FA1E7EFF-1CCA-473B-8D5C-30D59C26DC70"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C"
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp1:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "44320836-E2DE-4A1C-9820-AFFA087FF7FB"
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp2:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "14DF1463-F23F-465F-8A35-D550A7438CB6"
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp1:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "15E235E9-EC31-4F3F-80F7-981C720FF353"
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp2:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "02E6A767-B9A5-4054-BE70-286E0A464248"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:yast2-backup:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4668731B-1AF7-48A2-A0BA-9A056E85A559",
"versionEndIncluding": "2.16.6",
"versionStartIncluding": "2.14.2"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]