CVE-2009-1648

CWE-163 documents3 sources

Severity

7.5HIGH

EPSS

0.5%

top 35.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Suse Linux

Timeline

PublishedJul 5

Latest updateMay 2

Description

The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDsuse/suse_linux11

🔴Vulnerability Details

GHSA

GHSA-jhvg-8xfm-jcgm: The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involv↗2022-05-02

▶

CVEList

CVE-2009-1648: The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involv↗2009-07-05

▶