Description
SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ directory tree to the web-service user account, which might allow local users to gain privileges by leveraging access to this account during root filesystem operations by the Cobbler daemon.
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/23/11
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66487
Scores
EPSS
0.0004
EPSS Percentile
10.8%
Details
CWE
CWE-264
Status
published
Products (1)
novell/opensuse_factory
Published
Mar 30, 2011
Tracked Since
Feb 18, 2026