A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local malicious users to execute code as the user running supportconfig (usually root).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
suse linux enterprise server 12 |
||
suse linux enterprise desktop 12 |
||
suse suse linux enterprise server 12 |