CVE-2008-4636

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-4636
yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html Patch Third Party Advisory
http://osvdb.org/50284 Broken Link
http://secunia.com/advisories/32832 Broken Link Patch Vendor Advisory
http://www.securityfocus.com/bid/32464 Broken Link Patch Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/46879 Third Party Advisory VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html Patch Third Party Advisory
http://osvdb.org/50284 Broken Link
http://secunia.com/advisories/32832 Broken Link Patch Vendor Advisory
http://www.securityfocus.com/bid/32464 Broken Link Patch Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/46879 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*
cpe:2.3:o:novell:open_enterprise_server:-:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:yast2-backup:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2008-11-27 00:30

Updated : 2025-04-09 00:30

NVD link : CVE-2008-4636

Mitre link : CVE-2008-4636

CVE.ORG link : CVE-2008-4636

JSON object : View

Products Affected

opensuse

  • opensuse

suse

  • linux_enterprise_server
  • suse_linux_enterprise_server
  • yast2-backup
  • suse_linux_enterprise_desktop

novell

  • open_enterprise_server
  • linux_desktop
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')