Info

Disclosure

May 03, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

May 03, 2011

Description

SUSE Linux Enterprise contains a flaw that may allow an attacker to gain access to unauthorized privileges. Certain files within rubygem-sqlite3 are world-writable, allowing a local attacker to inject arbitrary code with elevated privileges.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, SUSE has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Novell, Inc.

SuSE Linux Enterprise

11 SP1

References

CVE ID: 2011-0995 (see also: NVD)
Secunia Advisory ID: 44418
Bugtraq ID: 47694
ISS X-Force ID: 67263
Vendor Specific News/Changelog Entry: http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00000.html
http://support.novell.com/security/cve/CVE-2011-0995.html
https://bugzilla.novell.com/show_bug.cgi?id=685928

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/72180