CVE-2013-3709

Common Vulnerabilities and Exposures

Upstream information

CVE-2013-3709 at MITRE

Description

WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.

SUSE information

CVSS v2 Scores (National Vulnerability Database)

  Base Score:             7.15
  Vector:                 AV:L/AC:L/Au:N/C:C/I:C/A:C
  Access Vector:          Local
  Access Complexity:      Low
  Authentication:         None
  Confidentiality Impact: Complete
  Integrity Impact:       Complete
  Availability Impact:    Complete

SUSE Bugzilla entry: 851116 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Lifecycle Management Server 1.3
  • webyast-base >= 0.3.43.1-0.5.1
  • webyast-base-branding-default >= 0.3.43.1-0.5.1
Patchnames:
sleslms13-webyast-base
SUSE Studio Onsite 1.3
  • webyast-base >= 0.3.43.1-0.5.1
  • webyast-base-branding-default >= 0.3.43.1-0.5.1
Patchnames:
slestso13-webyast-base
SUSE WebYast 1.3
  • webyast-base >= 0.3.43.1-0.5.1
  • webyast-base-branding-default >= 0.3.43.1-0.5.1
Patchnames:
slewyst13-webyast-base
WebYaST 1.2
  • webyast-base-ui >= 0.2.64-0.3.1
  • webyast-base-ui-branding-default >= 0.2.64-0.3.1
  • webyast-base-ui-testsuite >= 0.2.64-0.3.1
Builds
SAT Patch Nr: 8706
SUSE Lifecycle Management Server 1.3
SUSE Studio Onsite 1.3
WebYaST 1.3
  • webyast-base >= 0.3.43.1-0.5.1
  • webyast-base-branding-default >= 0.3.43.1-0.5.1
Builds
SAT Patch Nr: 8608
openSUSE 12.3
  • webyast-base >= 0.3.43.1-1.4.1
  • webyast-base-branding-default >= 0.3.43.1-1.4.1
  • webyast-base-testsuite >= 0.3.43.1-1.4.1
Patchnames:
openSUSE-2013-1028
openSUSE 13.1
  • webyast-base >= 0.3.45.1-2.4.1
  • webyast-base-branding-default >= 0.3.45.1-2.4.1
  • webyast-base-testsuite >= 0.3.45.1-2.4.1
Patchnames:
openSUSE-2013-1029