SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability
From: Jordan Pilat <cacophony@xxxxxxxxxxxxx>
Date: 6 Aug 2004 02:45:45 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


A vulnerability exists in the implementation of 
placing the SuSE YAST Control Center in the K Menu.  
Normally, one would be required to authenticate as 
root before being granted access to the YAST Control 
Center.  When placing the 'preferences' submenu in 
the K Menu (in the 'submenu' section under the 
'Menus' tab of the K menu panel preferences), 
however, one can not only access, but make changes to 
the options in the YAST control center without having 
to authenticate as root.

Follow-Ups:
- Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability
  - From: Radoslav Dejanović
- Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability
  - From: Stefan Seifert

Prev by Date: Re: Anyone know IBM's security address?
Next by Date: Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards
Previous by thread: Opera: Location, Location, Location (GM#008-OP)
Next by thread: Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability
Index(es):
- Date
- Thread