ID CVE-2009-1648
Summary The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services.
References
Vulnerable Configurations
  • cpe:2.3:o:suse:suse_linux:11:*:enterprise_desktop:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:11:*:enterprise_desktop:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:11:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:11:*:enterprise_server:*:*:*:*:*
CVSS
Base: 7.5 (as of 06-07-2009 - 04:00)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
secunia 35685
suse SUSE-SR:2009:012
Last major update 06-07-2009 - 04:00
Published 05-07-2009 - 16:30
Back to Top