CVE-2016-1602

Published: Mar 23, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).

Affected (4)

Products: Suse: Linux Enterprise Desktop, Linux Enterprise Server, Suse Linux Enterprise Server

Suse

3 products

Linux Enterprise Desktop

Linux Enterprise Server

Suse Linux Enterprise Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Suse Linux Enterprise Desktop	Version 12
Suse Linux Enterprise Desktop	Version 12 sp1
Suse Linux Enterprise Server	Version 12 sp1
Suse Suse Linux Enterprise Server	Version 12

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (2)

http://lists.suse.com/pipermail/sle-security-updates/2016-June/002096.html

Source: security@opentext.com

http://lists.suse.com/pipermail/sle-security-updates/2016-June/002096.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.