CVE-2009-1648 - The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not e

CVE-2009-1648

Summary

The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services.

References

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/35685

Vulnerable Configurations

cpe:2.3:o:suse:suse_linux:11:*:enterprise_desktop:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:11:*:enterprise_desktop:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:11:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:11:*:enterprise_server:*:*:*:*:*

CVSS

Base:	7.5 (as of 06-07-2009 - 04:00)
Impact:
Exploitability:

CWE

CWE-16

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

secunia	35685
suse	SUSE-SR:2009:012

Last major update

06-07-2009 - 04:00

Published

05-07-2009 - 16:30

Last modified

06-07-2009 - 04:00