CVE-2013-3709

Common Vulnerabilities and Exposures


Upstream information

CVE-2013-3709 at MITRE

Description

WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.

NVD CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

SUSE information

SUSE Bugzilla entry: 851116

SUSE Security Advisories:

List of released packages

| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Lifecycle Management Server 1.3 | webyast-base >= 0.3.43.1-0.5.1; webyast-base-branding-default >= 0.3.43.1-0.5.1 | Patchnames: sleslms13-webyast-base |
| SUSE Studio Onsite 1.3 | webyast-base >= 0.3.43.1-0.5.1; webyast-base-branding-default >= 0.3.43.1-0.5.1 | Patchnames: slestso13-webyast-base |
| SUSE WebYast 1.3 | webyast-base >= 0.3.43.1-0.5.1; webyast-base-branding-default >= 0.3.43.1-0.5.1 | Patchnames: slewyst13-webyast-base |
| WebYaST 1.2 | webyast-base-ui >= 0.2.64-0.3.1; webyast-base-ui-branding-default >= 0.2.64-0.3.1; webyast-base-ui-testsuite >= 0.2.64-0.3.1 | Builds; SAT Patch Nr: 8706 |
| SUSE Lifecycle Management Server 1.3; SUSE Studio Onsite 1.3; WebYaST 1.3 | webyast-base >= 0.3.43.1-0.5.1; webyast-base-branding-default >= 0.3.43.1-0.5.1 | Builds; SAT Patch Nr: 8608 |
| openSUSE 12.3 | webyast-base >= 0.3.43.1-1.4.1; webyast-base-branding-default >= 0.3.43.1-1.4.1; webyast-base-testsuite >= 0.3.43.1-1.4.1 | Patchnames: openSUSE-2013-1028 |
| openSUSE 13.1 | webyast-base >= 0.3.45.1-2.4.1; webyast-base-branding-default >= 0.3.45.1-2.4.1; webyast-base-testsuite >= 0.3.45.1-2.4.1 | Patchnames: openSUSE-2013-1029 |