OSVDB ID: 72180

Title: SUSE Linux Enterprise rubygem-sqlite3 Local Privilege Escalation

Info

Disclosure

May 03, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

May 03, 2011

Description

SUSE Linux Enterprise contains a flaw that may allow an attacker to gain access to unauthorized privileges. Certain files within rubygem-sqlite3 are world-writable, allowing a local attacker to inject arbitrary code with elevated privileges.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, SUSE has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Novell, Inc.

SuSE Linux Enterprise

11 SP1

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/72180