PT-2017-7975 · Suse · Suse Linux Enterprise Server+3

Published

2016-06-07

·

Updated

2018-10-30

·

CVE-2016-1602

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions SUSE Linux Enterprise Server versions 12 and 12-SP1 SUSE Linux Enterprise Desktop versions 12 and 12-SP1
Description A code injection issue in the supportconfig data collection tool in supportutils could allow local attackers to execute code as the user running supportconfig, which is usually the root user.
Recommendations For SUSE Linux Enterprise Server versions 12 and 12-SP1, update the supportutils package to a version that includes the fix for this issue. For SUSE Linux Enterprise Desktop versions 12 and 12-SP1, update the supportutils package to a version that includes the fix for this issue.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2016-1602
SUSE-SU-2016:1507-1
SUSE-SU-2016:1514-1
SUSE-SU-2016_1507-1
SUSE-SU-2016_1514-1

Affected Products

Suse Linux Enterprise Desktop
Suse Linux Enterprise Server
Suse
Supportutils