CVE-2008-4636

Published Nov 27, 2008

Last updated a year ago

CVSS info 7.2

Overview

Description: yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5595E484-647C-4F85-94AB-5A4D55CD766B"
          },
          {
            "criteria": "cpe:2.3:o:novell:open_enterprise_server:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C5C0C136-E406-4628-994A-682E8E729B50"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "24818450-FDA1-429A-AC17-68F44F584217"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FA1E7EFF-1CCA-473B-8D5C-30D59C26DC70"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C"
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp1:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "44320836-E2DE-4A1C-9820-AFFA087FF7FB"
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp2:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "14DF1463-F23F-465F-8A35-D550A7438CB6"
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp1:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "15E235E9-EC31-4F3F-80F7-981C720FF353"
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp2:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "02E6A767-B9A5-4054-BE70-286E0A464248"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:suse:yast2-backup:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4668731B-1AF7-48A2-A0BA-9A056E85A559",
            "versionEndIncluding": "2.16.6",
            "versionStartIncluding": "2.14.2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References