Vulnerability Description
The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Suse | Suse Linux | 11 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlVendor Advisory
- http://secunia.com/advisories/35685
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlVendor Advisory
- http://secunia.com/advisories/35685
FAQ
What is CVE-2009-1648?
CVE-2009-1648 is a vulnerability with a CVSS score of 7.5 (HIGH). The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it ...
How severe is CVE-2009-1648?
CVE-2009-1648 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1648?
Check the references section above for vendor advisories and patch information. Affected products include: Suse Suse Linux.