OSVDB ID: 71253

Title: openSUSE aaa_base Metacharacter Tab Expansion Filename Handling Command Execution

Info

Disclosure

Mar 22, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Mar 22, 2011

Description

openSUSE contains a flaw related to aaa_base failing to properly handle filenames with meta characters during tab expansions. This may allow a context-dependent attacker to use a crafted filename to trick another user to execute arbitrary commands, which may allow the attacker to gain elevated privileges.

Classification

Location: Local Access Required, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, SUSE has released a patch to address this vulnerability.

Products

Novell, Inc.

aaa_base

Unspecified

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/71253