CVE-2009-1648

Published Jul 5, 2009

Last updated 15 years ago

Overview

Description: The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-16

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:suse:suse_linux:11:*:enterprise_desktop:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A21C44DE-B976-437F-99F0-C4BB018C3121"
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux:11:*:enterprise_server:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B34E5287-ED2F-4BE2-8166-52B0108DCEC3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References