Vítězslav Čížek

Name of the Vulnerable Software and Affected Versions: Supportutils versions prior to 3.1-5.7.1 Description: The issue is related to insufficient input validation in the implementation of the ndspath command in the Supportutils package for SUSE Linux. This can allow an attacker to gain unauthorized access to protected information. If an attacker provides a malicious ndspath binary at an arbitrary location, it can be executed with root privileges when the Supportutils is run with the command line argument -A. Recommendations: For versions prior to 3.1-5.7.1, update to version 3.1-5.7.1 or later to resolve the issue. As a temporary workaround, consider restricting the execution of the ndspath binary to trusted locations only, and avoid using the -A command line argument until the update is applied.

Name of the Vulnerable Software and Affected Versions: Supportutils versions prior to 3.1-5.7.1 Description: The issue is related to incorrect handling of file access, allowing local attackers to overwrite files on systems without symlink protection. This can be exploited by an attacker to modify arbitrary files. The vulnerability is associated with the Supportutils package for the SUSE Linux operating system. Recommendations: For versions prior to 3.1-5.7.1, update to version 3.1-5.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the /tmp/supp log file to minimize the risk of exploitation.