CVE-2005-4772

3 documents3 sources

Severity

6.4MEDIUM

EPSS

0.3%

top 48.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Suse Linux Suse Suse Linux Openexchange Server Suse Suse Linux School Server +2 more

Timeline

PublishedDec 31

Latest updateMay 1

Description

liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages5 packages

▶NVDsuse/suse_linux9 versions+8

▶NVDsuse/suse_linux_school_servergold

▶NVDsuse/suse_linux_standard_server8.0

▶NVDsuse/suse_linux_openexchange_server4.0

▶NVDsuse/suse_sled_beagle10.0

Patches

Patch: www.novell.com ↗Patch: www.securityfocus.com ↗Patch: www.novell.com ↗

🔴Vulnerability Details

GHSA

GHSA-r6gm-mf7m-68qc: liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which↗2022-05-01

▶

CVEList

CVE-2005-4772: liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which↗2006-04-07

▶