Vulnerability Description
The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensitive information and possibly have other unspecified impacts, as demonstrated by reading /etc/shadow.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensuse | Opensuse | 13.1 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00117.htmlExploit
- https://bugzilla.novell.com/show_bug.cgi?id=843230
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00117.htmlExploit
- https://bugzilla.novell.com/show_bug.cgi?id=843230
FAQ
What is CVE-2013-3713?
CVE-2013-3713 is a vulnerability with a CVSS score of 4.4 (MEDIUM). The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensitiv...
How severe is CVE-2013-3713?
CVE-2013-3713 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3713?
Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse.