CVE-2009-1648

The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html	Vendor Advisory
http://secunia.com/advisories/35685
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html	Vendor Advisory
http://secunia.com/advisories/35685

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:suse:suse_linux:11::enterprise_desktop:::::
	cpe:2.3:o:suse:suse_linux:11::enterprise_server:::::

History

21 Nov 2024, 01:02

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html - Vendor Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html - Vendor Advisory
References	~~() http://secunia.com/advisories/35685 -~~	() http://secunia.com/advisories/35685 -

Information

Published : 2009-07-05 16:30

Updated : 2024-11-21 01:02

NVD link : CVE-2009-1648

Mitre link : CVE-2009-1648

CVE.ORG link : CVE-2009-1648

JSON object : View

Products Affected

suse

suse_linux

CWE

CWE-16

Configuration

{"id": "CVE-2009-1648", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-07-05T16:30:00.327", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/35685", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/35685", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-16"}]}], "descriptions": [{"lang": "en", "value": "The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services."}, {"lang": "es", "value": "El m\u00f3dulo YaST2 LDAP de yast2-ldap-server de SUSE Linux Enterprise Server v11 -tambi\u00e9n conocido como SLE11-, no activa el cortafuegos en determinadas circunstancias que incluyen reinicios durante las actualizaciones en l\u00ednea, esto facilita a los atacantes remotos acceder a los servicios en red."}], "lastModified": "2024-11-21T01:02:59.517", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:suse:suse_linux:11:*:enterprise_desktop:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A21C44DE-B976-437F-99F0-C4BB018C3121"}, {"criteria": "cpe:2.3:o:suse:suse_linux:11:*:enterprise_server:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B34E5287-ED2F-4BE2-8166-52B0108DCEC3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}