CVE-2013-3713

openSUSE 13.1 KDE aaa_base < 16.26.1 - Unauthorized Information Exposure via Root User in Users Group

Title source: llm
STIX 2.1

Description

The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensitive information and possibly have other unspecified impacts, as demonstrated by reading /etc/shadow.

References (2)

Core 2
Core References
Exploit vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-12/msg00117.html
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=843230

Scores

EPSS 0.0037
EPSS Percentile 28.6%

Details

CWE
CWE-200
Status published
Products (1)
opensuse/opensuse 13.1
Published Jan 11, 2014
Tracked Since Feb 18, 2026