CVE-2013-3709

Common Vulnerabilities and Exposures

Upstream information

CVE-2013-3709 at MITRE

Description

WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.

NVD CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 851116

SUSE Security Advisories:

List of released packages

Product(s):
  • WebYaST 1.2
Fixed package version(s):
  • webyast-base-ui >= 0.2.64-0.3.1
  • webyast-base-ui-branding-default >= 0.2.64-0.3.1
  • webyast-base-ui-testsuite >= 0.2.64-0.3.1
References:
  • Builds
  • SAT Patch Nr: 8706

Product(s):
  • SUSE Lifecycle Management Server 1.3
  • SUSE Studio Onsite 1.3
  • WebYaST 1.3
Fixed package version(s):
  • webyast-base >= 0.3.43.1-0.5.1
  • webyast-base-branding-default >= 0.3.43.1-0.5.1
References:
  • Builds
  • SAT Patch Nr: 8608

© 2014 Novell