DescriptionThe image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensitive information and possibly have other unspecified impacts, as demonstrated by reading /etc/shadow.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
- openSUSE-SU-2013:1955-1, published Wed, 25 Dec 2013 18:08:27 +0100 (CET)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE 13.1|| ||Patchnames: