CVE-2011-2660

Common Vulnerabilities and Exposures

Upstream information

CVE-2011-2660 at MITRE

Description

The modify_resolvconf_suse script in the vpnc package before 0.5.1-55.10.1 in SUSE Linux Enterprise Desktop 11 SP1 might allow remote attackers to execute arbitrary commands via a crafted DNS domain name.

NVD CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 708656

SUSE Security Advisories:

SUSE-SU-2011:0979-1, published Wed, 31 Aug 2011 08:08:21 +0200 (CEST)
SUSE-SU-2011:0980-1, published Wed, 31 Aug 2011 09:08:13 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SLE 11 SP1 DEBUGINFO	`vpnc-debuginfo >= 0.5.1-55.10.1` `vpnc-debugsource >= 0.5.1-55.10.1`	sled11-sp1.x86 sled11-sp1.x86-64 SAT Patch Nr: 5027
SUSE Linux Enterprise Desktop 11 SP1	`vpnc >= 0.5.1-55.10.1`	sled11-sp1.x86 sled11-sp1.x86-64 SAT Patch Nr: 5027
SUSE Linux Enterprise Server 10 SP3 DEBUGINFO	`vpnc-debuginfo >= 0.5.1-1.7.1`	sle10-sp3-sdk.s390x sles10-sp3-debuginfo.x86 sles10-sp3-debuginfo.x86-64 sle10-sp3-sdk.x86-64 sle10-sp3-sdk.x86 sle10-sp3-sdk.ia64 sle10-sp3-sdk.ppc ZYPP Patch Nr: 7691
SUSE Linux Enterprise SDK 10 SP3	`vpnc >= 0.5.1-1.7.1`	sle10-sp3-sdk.s390x sles10-sp3-debuginfo.x86 sles10-sp3-debuginfo.x86-64 sle10-sp3-sdk.x86-64 sle10-sp3-sdk.x86 sle10-sp3-sdk.ia64 sle10-sp3-sdk.ppc ZYPP Patch Nr: 7691
SUSE Linux Enterprise 10 SP4 DEBUGINFO for AMD64 and Intel EM64T SUSE Linux Enterprise 10 SP4 DEBUGINFO for x86	`vpnc-debuginfo >= 0.5.1-1.7.1`	sle10-sp4-sdk.s390x sle10-sp4-sdk.x86 sles10-sp4-debuginfo.x86 sled10-sp4.x86-64 sles10-sp4-debuginfo.x86-64 sle10-sp4-sdk.ppc sled10-sp4.x86 sle10-sp4-sdk.x86-64 sle10-sp4-sdk.ia64 ZYPP Patch Nr: 7692
SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP4 for x86	`vpnc >= 0.5.1-1.7.1`	sle10-sp4-sdk.s390x sle10-sp4-sdk.x86 sles10-sp4-debuginfo.x86 sled10-sp4.x86-64 sles10-sp4-debuginfo.x86-64 sle10-sp4-sdk.ppc sled10-sp4.x86 sle10-sp4-sdk.x86-64 sle10-sp4-sdk.ia64 ZYPP Patch Nr: 7692

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy