PROBLEM:
OpenSUSE aaa_base could allow a local attacker to gain elevated privileges on the system, caused by the improper handling of filenames when performing tab expansions. An attacker could exploit this vulnerability using specially-crafted named files to execute arbitrary commands on the system with elevated privileges.
PLATFORM:
The OpenSUSE aaa_base package before 11.3-8.9.1 in SUSE OpenSUSE 11.3, and before 11.4-54.62.1 in OpenSUSE 11.4
ABSTRACT:
OpenSUSE contains a flaw related to aaa_base failing to properly handle filenames with meta characters during tab expansions. This may allow a context-dependent attacker to use a crafted filename to trick another user to execute arbitrary commands, which may allow the attacker to gain elevated privileges.
reference LINKS:
Vulnerability Details : CVE-2011-0468
Common Vulnerabilities and Exposures - CVE-2011-0468
IMPACT ASSESSMENT:
High
Discussion:
The OpenSUSE aaa_base package could allow a local attacker to gain elevated privileges on the system, caused by the improper handling of filenames when performing tab expansions. An attacker could exploit this vulnerability using specially-crafted named files to execute arbitrary commands on the system with elevated privileges.
Solution:
Please visit the following site for more information. http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html