CVE-2009-1648

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services.

El módulo YaST2 LDAP de yast2-ldap-server de SUSE Linux Enterprise Server v11 -también conocido como SLE11-, no activa el cortafuegos en determinadas circunstancias que incluyen reinicios durante las actualizaciones en línea, esto facilita a los atacantes remotos acceder a los servicios en red.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-05-15 CVE Reserved
2009-07-05 CVE Published
2023-03-07 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-16: Configuration

CAPEC

References (2)

URL	Tag	Source
http://secunia.com/advisories/35685	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html	2009-07-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Suse Search vendor "Suse"		Suse Linux Search vendor "Suse" for product "Suse Linux"				11 Search vendor "Suse" for product "Suse Linux" and version "11"		enterprise_desktop		Affected
Suse Search vendor "Suse"		Suse Linux Search vendor "Suse" for product "Suse Linux"				11 Search vendor "Suse" for product "Suse Linux" and version "11"		enterprise_server		Affected