Date: 6 Aug 2004 02:45:45 -0000
From: Jordan Pilat <[email protected]>
To: [email protected]Subject: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability
A vulnerability exists in the implementation of
placing the SuSE YAST Control Center in the K Menu.
Normally, one would be required to authenticate as
root before being granted access to the YAST Control
Center. When placing the 'preferences' submenu in
the K Menu (in the 'submenu' section under the
'Menus' tab of the K menu panel preferences),
however, one can not only access, but make changes to
the options in the YAST control center without having
to authenticate as root.