[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability
From: Jordan Pilat <cacophony@xxxxxxxxxxxxx>
Date: 6 Aug 2004 02:45:45 -0000


A vulnerability exists in the implementation of 
placing the SuSE YAST Control Center in the K Menu.  
Normally, one would be required to authenticate as 
root before being granted access to the YAST Control 
Center.  When placing the 'preferences' submenu in 
the K Menu (in the 'submenu' section under the 
'Menus' tab of the K menu panel preferences), 
however, one can not only access, but make changes to 
the options in the YAST control center without having 
to authenticate as root.

Follow-Ups:
- Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability
  - From: Stefan Seifert
- Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability
  - From: Radoslav Dejanović

Prev by Date: Re: Anyone know IBM's security address?
Next by Date: Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards
Previous by thread: RE: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards
Next by thread: Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability
Index(es):
- Date
- Thread