Filtered by vendor Novell Subscriptions
Filtered by product Opensuse Factory Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-1551 1 Novell 1 Opensuse Factory 2024-11-21 N/A
SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ directory tree to the web-service user account, which might allow local users to gain privileges by leveraging access to this account during root filesystem operations by the Cobbler daemon.
CVE-2011-1550 2 Gentoo, Novell 2 Logrotate, Opensuse Factory 2024-11-21 N/A
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.