Vulnerability Description
liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Suse | Suse Linux Openexchange Server | 4.0 |
| Suse | Suse Linux School Server | gold |
| Suse | Suse Linux Standard Server | 8.0 |
| Suse | Suse Sled Beagle | 10.0 |
| Suse | Suse Linux | 1.0 |
References
- http://www.novell.com/linux/security/advisories/2005_22_sr.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/15026Patch
- http://www.novell.com/linux/security/advisories/2005_22_sr.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/15026Patch
FAQ
What is CVE-2005-4772?
CVE-2005-4772 is a vulnerability with a CVSS score of 6.4 (MEDIUM). liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitiv...
How severe is CVE-2005-4772?
CVE-2005-4772 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4772?
Check the references section above for vendor advisories and patch information. Affected products include: Suse Suse Linux Openexchange Server, Suse Suse Linux School Server, Suse Suse Linux Standard Server, Suse Suse Sled Beagle, Suse Suse Linux.