Description
The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/87324
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=770619
Vendor Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-04/msg00040.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3654
Scores
CVSS v3
5.5
EPSS
0.0004
EPSS Percentile
12.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-264
Status
published
Products (2)
opensuse/leap
42.1
opensuse/opensuse
13.2
Published
Apr 18, 2016
Tracked Since
Feb 18, 2026