CVE-2005-4772

liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.novell.com/linux/security/advisories/2005_22_sr.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/15026	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:suse:suse_linux_openexchange_server:4.0:::::::*
	cpe:2.3:a:suse:suse_linux_school_server:gold:::::::*
	cpe:2.3:a:suse:suse_linux_standard_server:8.0:::::::*
	cpe:2.3:a:suse:suse_sled_beagle:10.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:suse:suse_linux:9.1::personal:::::
	cpe:2.3:o:suse:suse_linux:9.1::professional:::::
	cpe:2.3:o:suse:suse_linux:9.1::x86_64:::::
	cpe:2.3:o:suse:suse_linux:9.2::personal:::::
	cpe:2.3:o:suse:suse_linux:10.0::oss:::::
	cpe:2.3:o:suse:suse_linux:8.0::retail_solution:::::
	cpe:2.3:o:suse:suse_linux:9.0::enterprise_server:::::
	cpe:2.3:o:suse:suse_linux:9.0::professional:::::
	cpe:2.3:o:suse:suse_linux:9.2::x86_64:::::
	cpe:2.3:o:suse:suse_linux:9.3::professional:::::
	cpe:2.3:o:suse:suse_linux:8.2::personal:::::
	cpe:2.3:o:suse:suse_linux:9.0::personal:::::
	cpe:2.3:o:suse:suse_linux:9.0:::::::*
	cpe:2.3:o:suse:suse_linux:9.3::personal:::::
	cpe:2.3:o:suse:suse_linux:8::enterprise_server:::::
	cpe:2.3:o:suse:suse_linux:9.3::x86_64:::::
	cpe:2.3:o:suse:suse_linux:1.0::desktop:::::
	cpe:2.3:o:suse:suse_linux:9.0::x86_64:::::
	cpe:2.3:o:suse:suse_linux:9.2::professional:::::
	cpe:2.3:o:suse:suse_linux:10.0::professional:::::
	cpe:2.3:o:suse:suse_linux:8.2::professional:::::

Information

Published : 2005-12-30 21:00

Updated : 2008-09-05 13:57

NVD link : CVE-2005-4772

Mitre link : CVE-2005-4772

JSON object : View

CWE

NVD-CWE-Other

Products Affected

suse

suse_linux_standard_server
suse_linux_school_server
suse_linux
suse_linux_openexchange_server
suse_sled_beagle

6.4 /10