PT-2017-7975 · Suse · Suse Linux Enterprise Server+3

Publicado

2016-06-07

·

Atualizado

2018-10-30

·

CVE-2016-1602

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions SUSE Linux Enterprise Server versions 12 and 12-SP1 SUSE Linux Enterprise Desktop versions 12 and 12-SP1
Description A code injection issue in the supportconfig data collection tool in supportutils could allow local attackers to execute code as the user running supportconfig, which is usually the root user.
Recommendations For SUSE Linux Enterprise Server versions 12 and 12-SP1, update the supportutils package to a version that includes the fix for this issue. For SUSE Linux Enterprise Desktop versions 12 and 12-SP1, update the supportutils package to a version that includes the fix for this issue.

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2016-1602
SUSE-SU-2016:1507-1
SUSE-SU-2016:1514-1
SUSE-SU-2016_1507-1
SUSE-SU-2016_1514-1

Produtos afetados

Suse Linux Enterprise Desktop
Suse Linux Enterprise Server
Suse
Supportutils